DoD Cloud Contract Proposals Must be Submitted on DVDs

AlphaAtlas

In July, the Department of Defense announced that it would be taking proposals for the $10 Billion Dollar JEDI Cloud Computing Contract. In a bizarre-sounding update to the contract, the DoD said it would only accept submissions in the form of DVDs delivered by hand on October 12, 2018. The DVD format is 23 years old, which might suggest that the Department of Defense really does need an infrastructure upgrade. However, with an increasing number of high-profile security concerns related to USB sticks, not to mention online data transfers, the DoD's decision to stick to DVDs makes sense.

In lieu of electronic submission, an Offeror’s entire proposal shall be captured on one or more DVDs and submitted in person only. No other forms of submission will be accepted. Each DVD shall be clearly marked to show the proposal volume number, solicitation number, Offeror’s name, and, if applicable, restrictive legend.
 
Every RFP we've participated in (not govt. work either) has required all electronic files be submitted on CD or DVD. This is pretty standard practice from what I can tell. I know I wouldn't be plugging an unknown USB drive into any computer I cared about.
 
Makes sense to me, USB drivers are questionable at best for security. I've heard from a few security guys that brand new out of a sealed package they have found malware on. So whatever company is making the USB is compromised at the source.
 
DVDs were common before I got out in 2013. We used CDRW/DVDRW though so we can add info. USB sticks were banned early for us because 10th mountain 2nd brigade is where Bradley Manning stole documents from, which was our parent brigade, and I walked by his old office on an almost daily basis. I wasn’t even allowed to charge my phone in our battalion laptop— which given the previous info makes sense.

No surprise here.
 
Can you encrypt-to-open a DVD like you can Bitlocker a USB?

I think it's neat. It's really not an inconvenience to the size of the companies which are even looking at this contract.
 
one can still have an autoplay DVD

Also, how are people to go over the proposals on their iPads??

Autoplay can be disabled and iPads aren't as ubiquitous as you think they would be in government service.
 
Autoplay can be disabled and iPads aren't as ubiquitous as you think they would be in government service.

Getting pretty hard to fuse all of the radios off and disable all forms of wired data transfer on these newer ones, right?

;)
 
one can still have an autoplay DVD

Also, how are people to go over the proposals on their iPads??

:LOL:

Depends on the patch level of the OS. Since it is DOD, might still be on XP.

The average line employee probably doesn't have anything as advanced as an iPad. Most of that end of fiscal year spending you often hear about rarely goes to the employees that do the work, it usually goes to the management types that assign the work.
 
Depends on the patch level of the OS. Since it is DOD, might still be on XP.

XP is way overstated in use with the DOD-the only reason it's being used is that the hardware can't support a newer version (test equipment that isn't attached to a network anyways) or the costs are prohibitive.
 
LOL.. i left in 89. Wonder if watertown has the same "oddity" about it still

It did when I visited there 10 years after you left. I've found that most military posts have a weird vibe to them when you are assigned to them, but if you live/work on them as a civilian it's not as weird.
 
LOL.. i left in 89. Wonder if watertown has the same "oddity" about it still

It did when I visited there 10 years after you left. I've found that most military posts have a weird vibe to them when you are assigned to them, but if you live/work on them as a civilian it's not as weird.
If by oddity you guys mean a shit ton of crack heads and working women, then yes, yes it does.

5.5 years later and I still can’t wash the stink off from the bars down there. Syracuse and the girls who went there were the one bright spot on an otherwise shit stain of a town.
 
As long as the DoD don't do what the Danes do.
That be unencrypted DVDs and then send them to the Chinese embassy.
 
If by oddity you guys mean a shit ton of crack heads and working women, then yes, yes it does.

5.5 years later and I still can’t wash the stink off from the bars down there. Syracuse and the girls who went there were the one bright spot on an otherwise shit stain of a town.

It's not like Watertown has much in the way of industry or jobs to support the locals with-so you'll see more of that crap around military posts.

I was at Fort Knox and went to the NCO Club a few times while in AIT-the place was off the hook with lots of people (non military I should say)-the reason why is the counties around it were "dry" towns and you couldn't buy alcohol in them!

Even the towns around Fort Dix/McGuire/Lakehurst are sketchy to a point (mostly in burlington co) but you're also only 20-30 minute drive to beach or 30-40 minutes to Philly or about an hour to NYC-I used to laugh when I heard military people complain there was nothing to do in the area-you had to drive more than 10 minutes.
 
If by oddity you guys mean a shit ton of crack heads and working women, then yes, yes it does.

5.5 years later and I still can’t wash the stink off from the bars down there. Syracuse and the girls who went there were the one bright spot on an otherwise shit stain of a town.
Watertown exists because of the base anyway....it was pretty trashy, never understood why the guys on base always wanted to go looking for girls in that area. I avoided all that when I was there.
 
still remember those spiked usbs that can fry your system? i do

which is why i always use my colleague's comp to try any usbs first
 
The DoD is like the OpenBSD of the gov't. If they can't get it to work on a goddamn toaster over and over engineer it survive a nuclear holocaust they don't want it.

Our biggest integration headaches come from DoD's insane requirements and they are by FAR the worst when it comes to troubleshooting.
 
From some of the procurement and legal things I've dealt with, they switched to CD/DVD as an upgrade because before it was stacks of paper. We're talking hundreds of pages of specifications, contracts, TORs, certifications, signatures and more signatures. So rather than delivering that by the carton, it's now a fedex envelope with a few optical discs in it.
 
Eh?

DoD decided to get all progressive recently and pushed out 10 literally everywhere. I'll bet that the transition is not complete, but man have they done a pretty good job, and with respect to enterprise security, 10 is looking quite nice.

Glad to hear. Not a big Win 10 fan but this implies that most of the old hardware was also updated. Curious how they deal with the telemetry, forced updates and stuff that even the normal Enterprise level still has? Or did the DOD get a special version like China did?
 
WHAT? I had my proposal all ready on punch cards & 8 inch floppy discs.
Yes, everything should be on punch cards, but don't forget to make the big X in case you drop the box on the way to the computer lab building. ;)
 
DVDs were common before I got out in 2013. We used CDRW/DVDRW though so we can add info. USB sticks were banned early for us because 10th mountain 2nd brigade is where Bradley Manning stole documents from, which was our parent brigade, and I walked by his old office on an almost daily basis. I wasn’t even allowed to charge my phone in our battalion laptop— which given the previous info makes sense.

No surprise here.

USB sticks can still be used with proper authorizations. USB devices are not banned. My keyboard is USB as is my mouse. It's all about authorizations and the risk they want to take.

This is likely never going to touch a classified network and if it did it would be heavily scrutinized first. It's just going onto some system they have and whoever is accepting it doesn't want to do the paperwork to deal with USB sticks.
 
USB sticks can still be used with proper authorizations. USB devices are not banned. My keyboard is USB as is my mouse. It's all about authorizations and the risk they want to take.

This is likely never going to touch a classified network and if it did it would be heavily scrutinized first. It's just going onto some system they have and whoever is accepting it doesn't want to do the paperwork to deal with USB sticks.
CAC readers are USB so of course it’s not all USB devices.

That order came down from the full bird and as a specialist who got along with him— who am I to argue. I did my time and moved on. Still a fun time though.
 
CAC readers are USB so of course it’s not all USB devices.

That order came down from the full bird and as a specialist who got along with him— who am I to argue. I did my time and moved on. Still a fun time though.

I was mainly referring to DoD wide policy. Individual organizations can of course implement stricter policies based on their local mission needs.
 
Cause malicious code could never find its way onto DVDs. Then they go & publicize this DVD requirement? That just seems stupid to me.
 
LOL.. i left in 89. Wonder if watertown has the same "oddity" about it still


I can't say. But I do remember this bar downtown back when there were no waivers for smoking, all the peeps standing outside in the fucking snow to get a smoke in. It was pretty barbaric actually. Now all the bars and restaurants have waivers allowing them to have smoking sections if their air filtration is adequate. Of course the cities charge money for those waivers. A racket is always a racket.
 
Glad to hear. Not a big Win 10 fan but this implies that most of the old hardware was also updated. Curious how they deal with the telemetry, forced updates and stuff that even the normal Enterprise level still has? Or did the DOD get a special version like China did?


It's pretty simple really. They have set guidance that everything must be up to date, and if it isn't up to date, a plan must be written to get it up to date, and implemented, and completed. There are exceptions but they are far and few between and must be justified and how they are going to work their way out of the problem has to be laid down. It's that or you get shut down.

My networks aren't even connected to anything, no lines outside the building, and we still have to comply with the guidance.
 
USB sticks can still be used with proper authorizations. USB devices are not banned. My keyboard is USB as is my mouse. It's all about authorizations and the risk they want to take.

This is likely never going to touch a classified network and if it did it would be heavily scrutinized first. It's just going onto some system they have and whoever is accepting it doesn't want to do the paperwork to deal with USB sticks.


Like everything else, things differ across commands and branches. Some places are more draconian and others have different needs. The guy you were quoting was talking about a time immediately following Manning's espionage, and the Unit where the event occurred. Draconian hardly describes how crazy they must have gone on things at that time.

If anyone takes offense at my calling Manning's actions treasonous, I will simply point to the outcome of the courts in justification;
She was convicted by court-martial in July 2013 of violations of the Espionage Act and other offenses, after disclosing to WikiLeaks nearly 750,000 classified, or unclassified but sensitive, military and diplomatic documents

https://en.wikipedia.org/wiki/Chelsea_Manning
 
Depends on the patch level of the OS. Since it is DOD, might still be on XP.

The average line employee probably doesn't have anything as advanced as an iPad. Most of that end of fiscal year spending you often hear about rarely goes to the employees that do the work, it usually goes to the management types that assign the work.

To be fair, I usually spend the better part of the fiscal year telling everybody to tell me what they want and they all either ask me for shit that we can't buy with the allocated funds and they get all pissy, or they wait until after the closeout date to tell me that they need a bunch of stuff yesterday, and then they get all pissy. And then they spend a majority of the next fiscal year bitching because last year's funds got spent on "bullshit" that "we" don't need because "nobody cares about them".

I'm amazed that they didn't require FAXing them in.

You can laugh, but we just got a new one for the building. :rolleyes:
 
Depends on the patch level of the OS. Since it is DOD, might still be on XP.

The average line employee probably doesn't have anything as advanced as an iPad. Most of that end of fiscal year spending you often hear about rarely goes to the employees that do the work, it usually goes to the management types that assign the work.


DOD? Baby, they've been on Windows 10 for a while.
 
Cause malicious code could never find its way onto DVDs. Then they go & publicize this DVD requirement? That just seems stupid to me.

DVDs are a controlled attack vector. USB sticks can have malicious code in the firmware. And having an online intake is just begging for trouble.

Discs are heavily scrubbed on secure air gapped machines before anyone looks at em.
 