Take 2: DFAS notice reveals need for file scanning solution

I didn't have my hopes up yesterday when I pinged the Defense Finance and Accounting Service contracting officer yesterday and asked for a copy of a request for information that was not available via Beta.Sam.Gov.

I wanted the RFI the agency posted as it works on a contract involving personally identifiable information. DFAS want as tool to detect, re-mediate and report any issues.

The contracting officer asked for my CAGE and DUNs numbers, neither of which I have. I explained that I was a journalist but I didn’t hear back until today. A short email that said you get the RFI now.

Into Beta.Sam I went. Sure enough, I could download the RFI. It wasn’t clear to me whether it is open to everyone, so here is the document in case you can’t get it yourself.

What is DFAS looking for?

A commercial software tool that can scan content “in motion or at rest" and look into file shares, databases and Sharepoint.

Once an issue is found, the tool should take action -- block, delete, move, quarantine, encrypt or redact.

All major file types need to be scanned -- doc, docx, xls, xlsx, ppt, pptx, pdf, text, htm, html, asp, aspx and optionally mbd and accbd.

The scan will look for information such as social security numbers, bank account information, credit card numbers, birth dates and addresses.

The tool should allow for customized rules and have an interface for handling incidents. When the interface kicks in, it should clearly show at a minimum the name and location of the files with personally identifiable information. DFAS also wants it to show who loaded the file and when.

Comments on the RFI is due Feb. 19. The Beta.Sam Notice ID is 1499076, in case the link doesn’t work.