Notice ID: M67854-24-I-4047
Program Executive Officer Digital & Enterprise Services (PEO Digital) requires a long-term solution that will authenticate and authorize remote users and their devices and then allow access to Marine Corps Enterprise Network (MCEN) resources without the vulnerabilities of a Virtual Private Network (VPN) solution. The Government is requesting responses to determine the availability and technical capability of sources to meet the listed set of requirements in the attached request for information.
Marine Corps Systems Command (MCSC), the predecessor to the current organization, Program Executive Officer Digital & Enterprise Services (PEO Digital), was tasked with deploying a solution to allow remote users the ability to connect back to the Marine Corps Enterprise Network (MCEN) from any external location. Until recently, a Virtual Private Network (VPN) solution existed that built an encrypted tunnel between the remote end users’ device, running client software, and the MCEN entry point. This provided the user access to internal MCEN resources once their device and the user were authenticated. Several vulnerabilities, which manifested within a short time span, led to the removal of these devices from operation in order to protect valuable resources from being targeted. PEO Digital requires a long-term solution that will authenticate and authorize remote users and their devices and then allow access to MCEN resources without the vulnerabilities of a VPN solution.
Concurrent with replacement of VPN functionality, the Government is also taking this opportunity to possibly incorporate some of the DoD Zero Trust Target activities. The initial scope will be the MCEN remote user community of roughly 30,000 concurrent users, with the long-term possibility of using this solution to enable Zero Trust Access for internal MCEN user requests to resources. This will require the ability to scale the solution up to approximately 100,000 concurrent users.
Minimum Requirements of a Zero Trust Access Solution:
- The system should be capable of Standalone deployments.
- The system should be capable of hybrid deployments, e.g., on-prem and IaaS.
- The system should support various OS underlays, e.g., Windows and Linux.
- The system should be capable of virtual or physical deployments.
- The solution should support distributed Policy Decision Points and Policy Enforcement Points across the MCEN providing High Availability without manual intervention.
- The system should support 30,000 total concurrent remote users.
- The system should be scalable to support up to 100,000 total concurrent users whether remote or on-prem.
- The system should provide users the ability to access MCEN resources from external network connections.
- The system should provide administrators the ability to access MCEN resources from external network connections.
- The system should provide users the ability to access MCEN resources from internal network connections.
- The system should provide System administrator access authentication using OIDC, SAML, or LDAP.
- The system should provide System administrator access authenticated via USMC implementation of DoD PKI.
- The system should allow multi-tunneling based on MCEN policy.
- The system should integrate with the MCEN architecture and enterprise services …
Want to get involved with OS AI? - A small number of Sponsorship Opportunities are now available here. Starting at $500.