The U.S. Air Force admitted in a May 20 request for information (RFI) that the agency lacks an Enterprise Data Loss Prevention Program (E-DLP) to protect sensitive information, but is now seeking a new approach to data protection with a proof of concept for an E-DLP at one of its bases.
In lieu of an E-DLP, the Air Force used point solutions deployed by IT professionals, instead of the data owners themselves, to protect specific data use cases. “We do not have the requisite policies, organization, training, or equipment to empower data owners and users to effectively secure all Air Force sensitive data,” the Air Force states in the RFI.
Now, the Air Force is looking for an E-DLP proof of concept that could accommodate 100 users, scale to multiple data owners, and represent Air Force’s main data egress points either on-premises or in the cloud. The solution should be able to aggregate and correlate alerting capabilities across multiple Air Force networks and classifications via a cross-domain solution, according to the RFI.
“This will not be limited to a technology demonstration,” the Air Force states. “It will also include developing the requisite policies to support holistic employment of E-DLP. Additionally, we will seek ways to best organize and train our IT Airmen and data owners and users to effectively employ E-DLP capabilities.”
The Air Force is accepting responses through June 16.