General Dynamics Information Technology (GDIT) last month won a prominent seat at the table in the Defense Department’s (DoD) campaign to move to zero trust security architectures.
That came in the form of an award from the Defense Information Systems Agency (DISA) under Other Transaction Authority (OTA) for a Phase III production agreement for Identity, Credential, and Access Management (ICAM) solutions. The production deal followed GDIT’s Phase I and Phase II work for DISA, including a successful pilot project.
The ICAM solution will secure identity, access, and account management for DoD applications, and is foundational to zero trust implementation. The Phase III agreement is worth up to $162 million, with a one-year base period and four option years.
MeriTalk recently sat down with Jim Matney, Vice President and General Manager of the DISA and Enterprise Services Sector for GDIT’s Defense Division, to discuss how the ICAM solution will serve as a critical pillar to establishing zero trust within the Federal defense enterprise.
MeriTalk: Congrats on the contract. Can you take us through what the work will entail?
Matney: It’s about providing a better solution to manage the identity of not just individuals, but also systems. So it’s foundational to being able to achieve the zero-trust architecture that the DoD is pursuing.
As part of Phase II, we were tasked with building out a production capability of the ICAM solution. Our solution has three main components: you have your identity provider for actually getting your identity – which can be multiprotocol standards based off an identity that can be shared across different enterprises.
And then once you have that identity, it’s verified through a master user record. From there comes the third component of our identity solution, which is an automated account provisioning capability that enables users to assign resources where that individual is able to access those resources.
MeriTalk: ICAM is obviously foundational to zero trust, and we reported last month on DoD’s Thunderdome prototype for zero trust. Does the GDIT contract involve that project as well, or are they different? If so, can you tell us how they differ, or might work together?
Matney: They are different, but they complement each other. ICAM is focused on verifying and validating the identities and having that single identity across the entire enterprise.
Thunderdome has a little bit of a difference to it – it provides the Secure Access Secure Edge (SASE) solution. What that does is provide a secure gateway. As part of that zero-trust network access effort, you need your ICAM to verify the identity, but then you also need to be able to implement an I-can-access-from-anywhere type of concept securely, and that’s what Thunderdome provides.
You’re looking at a complete solution when you integrate ICAM and Thunderdome together to provide that zero trust.
MeriTalk: Can you break down the Phase I and the Phase II work of the contract?
Matney: Phase I was where we had to demo a prototype, and then it was drawn down to two competitors – us and another offeror – and we built out a prototype and demonstrated that capability.
Phase II was to build out our solution and integrate what turned out to be eight mission partner applications into our solution, which was hosted inside this data center ecosystem.
Phase III is taking our solution that wraps in the three main components, which is your identity provider, master user record, and then your automated account provisioning.
So, when we look at the phases, we started off as an initial demo of a prototype, and we built out that capability inside the DISA ecosystem. Now Phase III is bringing it to the cloud and implementing it as an enterprise capability.
MeriTalk: Doing zero trust work for DoD is obviously high-profile stuff. Other agencies are going down the same path; is GDIT’s work for DoD easily transferable to the civilian side of government as well?
Matney: Yes, it is, because everybody – every enterprise, regardless of where you are in the government, or even individually – requires identity and access management. So when you bring in the credential side of it, and being able to have it where the master user record is centralized – regardless of where your identities are – every Federal agency can benefit from it.
MeriTalk: What’s next for GDIT on this project?
Matney: One of the things that we’re working on is being able to expand this to the edge. So, we’ve teamed up with a non-traditional defense contractor – the same team, same partners we have supporting this enterprise capability with DISA – and we’re building out.
We also partner with Dell, where they’re providing that integrated suite that will make it easy for customers to be able to build, test, and deploy this capability in their environment as well.
We consider ourselves leading the way in this field. We have a proven solution that supports mission partners and we’re super excited about being able to team with DISA in achieving their goal of an enterprise ICAM solution for the DoD.