DISA posts AWS Secret sources sought
On July 9 the Defense Information Systems Agency (DISA) posted a sources sought notice for for AWS Secret Region in support of DISA/Operations Center/Services Directorate/Cloud Services Division (SE7). Responses are due by 4:00 p.m. Eastern on July 23.
DISA is seeking information for potential sources for software-defined instances from a commercial Cloud Service Provider (CSP) in order to host components of DISA’s Secure Cloud Computing Architecture (SCCA). In order to meet this need, proprietary brand name, commercial off-the-shelf AWS Secret Region Infrastructure as a Service is required.
The period of performance (PoP) for this requirement will consist of a one year base period with two 1-year options.
DISA’s SCCA mission is to provide Defense Information System Network (DISN) boundary cyber defense and cloud-based mission owner system cyber defense for Department of Defense (DoD) workloads hosted in commercial cloud environments. The DISA SCCA does this using an enterprise suite of security services designed to secure DoD applications and data hosted in off-premise commercial cloud environments and protect DoD networks from malicious activity originating from workloads hosted in those environments.
DoD workloads hosted in individual CSPs are protected by placing SCCA sensors in those CSPs to monitor DoD workloads hosted therein. These sensors inspect traffic to and from those DoD workloads and route inspected traffic to the DISN. The SCCA sensors placed in a CSP can only be hosted on that CSP’s commercially available infrastructure. One CSP cannot host and integrate the SCCA sensors required to secure DoD workloads hosted in another CSP.
DISA does not determine where DoD mission owners chose to host their cloud-based DoD workloads but is charged with protecting those workloads in the CSPs they select. To do so, DISA SCCA must place boundary defense sensors in CSPs hosting actual DoD workloads and follow demand signals for where DoD workloads will be hosted in order to place sensors in those CSPs. Those CSPs with existing and forecast workloads are the first to be integrated with the SCCA and have boundary defense established for those DoD workloads. These CSPs must have SCCA sensors hosted and integrated within their commercially available infrastructure, which in turn will provide boundary defense to the DoD Information Network and protect mission owner hosted DoD workloads.
The DoD mission owners can select any CSP to host their Cloud workloads that is approved for hosting Impact Level 4 (IL4) workloads or higher and has provisional authority (PA) for moderate level workloads. The AWS Secret Region services has Federal Risk and Authorization Management Program approval for IL6 workloads, PA for moderate workloads, currently hosts existing DoD workloads, and has strong demand for additional DoD workloads.
This requirement is to protect the DISN and AWS Secret Region services workloads by hosting SCCA sensors in the AWS IL6 infrastructure. AWS Secret Region services is the only product that can be integrated in the existing AWS IL6 infrastructure to host the SCCA sensors required to protect the DISN and DoD workloads hosted in the AWS Secret Region.
Full information is available here.