The Department of Defense (DoD) is seeking out commercial solutions to its inventory management system in order to improve its patch management methodology, according to a Jan. 15 solicitation.
“Today, DoD is adopting a rapid patch methodology. The IT/Cyber community is alerted about newly discovered vulnerabilities that need to be patched,” the announcement states. “A comprehensive inventory gives the foundation for reducing patch timelines to address a network’s vulnerabilities before it becomes a victim of an attack.”
Custom-built systems for inventory management at DOD, the agency said, do not work with market solutions, work efficiently, or integrate vulnerabilities and patch prioritization across the network. Improving this system will shorten the patch management timeline, the Pentagon said.
“DoD seeks a rapid inventory management solution to identify all its network assets and profiles of each asset accurately and efficiently … The end product will provide a more comprehensive, accurate, and timely inventory management solution. This view of systems on the network will give a more accurate view of vulnerabilities and patches required,” DoD says in the solicitation.
Among other requirements, proposed solutions should:
- Demonstrate the ability to support 3 million active users and 11 million endpoints once deployed;
- Integrate time constraints to support lifecycle replacement of hardware and software;
- Provide a data export capability compatible with DoD’s existing data repository;
- List all managed and unmanaged assets; and
- Discover systems on and off the DoD network.
DoD will be accepting solution briefs until Jan. 24.