DoD Enterprise Mobility

Post on 24-Mar-2022

UNCLASSIFIED 1

UNCLASSIFIED

DISA: TRUSTED TO CONNECT, PROTECT AND SERVE!

DoD Enterprise Mobility

Ms. Ashley Rozier

Deputy Division Chief, DoD Enterprise Mobility

28 October 2021

DISCLAIMER

The information provided in this briefing is for general information purposes only. It does not constitute a commitment on behalf of the United States Government to provide any of the capabilities, systems or equipment presented and in no way obligates the United States Government to enter into any future agreements with regard to the same. The information presented may not be disseminated without the express consent of the United States Government.

Agenda

• DoD Enterprise Mobility Service Offerings

• DoD Mobility Unclassified Capability

• DoD Mobility Classified Capability

DoD Enterprise Mobility Service Offerings

DoD Mobility Unclassified Capability

Provides Government-owned mobile device access to Unclassified Department of Defense Information Network (DoDIN) and commercial information services.

• Enterprise Mobility Mgt – MDM, MAM
• Mobile Application Stores (commercial and private)
• PKI Credentials (Purebred)
• Gov’t Email Access
• M365 Tenant Support and Integration
• High Availability (Dual Gateways)
• Commercial Voice
• 24/7 Service Support

Total Users = ~142,000 DoD*
Phone/Tablet

DoD Mobility Classified Capability - Secret

Provides Government-owned mobile devices access to Classified Secret Department of Defense Information Network (DoDIN) information services.

• CSfC Registered Solution
• Mobile Device Management
• Global Service Area
• Classified Email
• Data-in-Transit and Dual VPN / Data-in-Transition Protection
• Secure Enterprise (Secret) Voice
• High Availability (Dual Gateways)

Total Users = ~8000 DoD, NLCC, Federal*
Phone/Tablet/Laptop (WINDAR-S)

DoD Mobility Classified Capability – Top Secret

Provides DoD Limited Distribution service mobile device access to Classified Top Secret Department of Defense Information Network (DoDIN) telephony services.

• CSfC Registered Solution
• Mobile Device Management and Policy Enforcement
• Federal Information Processing Standards IP Security VPN
• Global Service Area
• Secure Voice (TS Collateral)
• High Availability (Dual Gateways)
• Phone only

Total Users = ~400 DoD, NLCC*, Federal
Phone Only

DoD Enterprise Mobility Service Offerings

DoD Mobility Unclassified Capability
Phone/Tablet

M365 Mobile Applications
• Phase 1 Apps Now Available
• Phase 2 Apps Coming Jan 2022

M365 IL5 Tenant Integrations
• DoD365: Completed
• Army 365: In-progress

Infrastructure Changes and Mobility Gateway Capacity Expansion
• Recently completed extensive capacity expansion effort to support additional 365 users on VPN in Oct ’21

DoD Mobility Classified Capability - Secret
Phone/Tablet/Laptop (WINDAR-S)

NextGen Devices (NGD)
• Samsung Galaxy S20
• Samsung Galaxy TabS7
• Available via DISA Storefront (DSF) BPA
• Dual Data-at-Rest (DualDAR)
• Secure Voice and Instant Messaging (IM)
• Offers Outlook Web Access and select productivity applications
• Failover for Voice and Data, International Access and Device Management

WINDAR-S
• Dell Latitude 7320
• Available via DSF BPA
• Additional peripherals
• Delivery: Q4 FY21

DoD Mobility Classified Capability – Top Secret
Phone Only

NextGen Device (NGD)
• Samsung Galaxy S20
• Delivery: TBD

Infrastructure/Network Changes
• CMS/Gold Dialing
• DRSN Site Diversity
• Functions Domestically and Internationally
• Sensitive Compartmented Information (SCI) Business Case Analysis

Increase User-Base
• Increase beyond 500 devices
• Delivery: TBD

DoD Mobility Unclassified Capability

DMUC Snapshot

DMUC: DoD enterprise service offering enabling government-owned Mobile Devices access to Unclassified Department of Defense Information Network (DoDIN), Microsoft 365 (M365) Impact Level 5 (IL5) tenants, and commercial information services.

Telecom Carriers & Global Reach

Telecoms Supported
▪ 89 Carriers Globally (Verizon and AT&T largest)

Countries Served
▪ Devices in 117 Countries
▪ 92% in U.S., 8% in other countries
▪ Hosting at 3 data centers within U.S.

Customers & Devices

Customers Overview
▪ DMUC serves 50+ orgs across DoD
▪ ~140k DMUC Users
▪ ~ 3,000 VIPs

Devices and OS Overview
▪ 135k+ iOS 14.x
▪ 6k+ Android 9.x – 11.x

Service Highlights
▪ $3.97 / Device / Month
▪ Mobile App Store (1,300+ apps)
▪ Tier II (24x7) & Tier III (8x5) Support
▪ Recent ATO, authorized Sept ’21
▪ Integrated with Army365 and DoD365
▪ Supported Products List, NIAP Certified, FIPS 140-2 Validated

Customer Engagement

Proactive stakeholder and customer engagement are critical to DMUC success:
▪ Interactive monthly meetings and Q&As
▪ Mobility Service Portal (MSP) announcements and users guides
▪ DMUC System Health Status Page updates for help desk and users
▪ Dedicated Product Support resources

Upcoming Initiatives

DMUC Highlights from Current and Upcoming Efforts

Current Efforts: DMUC is driving multiple efforts to enhance enterprise mobility service and customer experience.

VPN Capacity Expansion & Routing Optimization
Effort: Completed efforts to expand VPN Capacity and upgrade circuits, to support up to 240k users (includes backup).
Impacts: VPN increase supports Army, DoD 365 users; streamlined routing improves the end user experience.

Mobile Endpoint Protection (IOC)
Effort: Currently in the IOC deployment Phase, the Zimperium solution enhances DMUC mobile device security by protecting against threats at the application, network, and Operating System-levels and provides visibility and control over data leaks.
Impacts: Provides a path forward to open the App Stores for personal use and bolsters DMUC security posture.

M365 Support & Feature Enhancements
Effort: Mobility engineering follow-on support for remaining DoD365 and Army365 migrations and customer requirements.
Impacts: Phase 2 apps-vetting and deployment; sub-org onboarding to DMUC; NPE Mailbox Enablement; ad hoc technical support.

Upcoming Efforts: DMUC is planning and targeting deployment of additional mobile service capabilities and features through FY23.

• BYOAD – Operationalizes pilot effort, expands existing DMUC service catalog, enables access via non-GFE devices, and supports customer growth.
• M365 App Vetting and Deployment (Phase 2) – Additional mobile productivity apps will be made available to DMUC users; targeted for Jan ’22.
• Mobile Endpoint Protection (FOC) – Deploys Zimperium to remaining customers, provides path forward to open up App Stores for personal use, and bolsters DMUC security posture.
• Purebred Re-enrollment – PKI Certificate Authority (CA) change requires DMUC user PB reenrollment; supports 3rd party app developer changes, iOS testing, and reenrollment user task required for PB to continue working on DMUC devices.
• Multi-Tenant M365 Support – Enables MDM integration with multiple IL5 Tenants and aims to expand existing functionality of MI Core to share device compliance data with more than one IL5 tenant (i.e., DoD365, Army365, etc.).

DoD Mobility Classified Capability

DMCC-S & DMCC-TS Snapshot

DMCC-S: Provides Government owned mobile devices access to Classified Secret DoDIN information services

DMCC-TS: DoD Limited Distribution service providing mobile device access to Classified Top Secret DoDIN telephony services

Telecom Carriers & Global Reach

DMCC-S Telecoms Supported
▪ AT&T

DMCC-S Hosting Sites
▪ Hosted and managed at DISA Data Centers
▪ Deployed global load-balancing for NGD

DMCC-TS Telecoms Supported
▪ AT&T

DMCC-TS Hosting Sites
▪ Hosted and managed at DISA Data Centers

Customers & Devices

DMCC-S Customer Overview
▪ DMCC-S serves many DoD Orgs
▪ ~8000 DMCC-S Users
▪ ~1800 VIPs

DMCC-S Devices and OS Overview
▪ ~6000 Legacy Android Devices (S7/TabS3)
▪ ~300 Next Generation Devices (S20/TabS7)
▪ ~1500 WINDAR-S Devices

DMCC-TS Customer Overview
▪ Senior leaders and continuity stakeholders across DoD and NLCC
▪ ~400 DMCC-TS Users

DMCC-TS Devices and OS Overview
▪ Samsung Galaxy S7
▪ AT&T Unite Express 2 Retrans. Device

Service Highlights

DMCC-S
▪ NGD / SMR1 Deployment (S) – Q4 FY21
▪ NGD/DoD365 IL6 Integration (S) – Q2 FY23
▪ NGD / Productivity Apps
▪ $80.12 / DMCC-S Device / Month
▪ $290.38 / WINDAR-S / Month
▪ Tier II (24x7) & Tier III (8x5) Support
▪ MACP 2.1 & DARCP 5.0 Registered

DMCC-TS
▪ NGD / Infrastructure - Q2 FY22
▪ CMS / Gold Dialing – Q2 FY22 (projected)
▪ $80.12 / DMCC-TS Device / Month
▪ Tier II (24x7) & Tier III (8x5) Support
▪ MACP 2.1 Registered

DMCC Highlights of Current Efforts

Current Efforts: DMCC-TS is upgrading device form factor and expanding critical classified services to support senior U.S. government leaders.

NextGen Device / Infrastructure (NGD/I)
ECD: Q2 FY22*
Evaluate, test, and deploy the Next-Generation DMCC-TS Device
Provides the next-generation DMCC-TS device baseline with new device features, enhanced security and device recency

CMS / Gold Dialing
ECD: Q2 FY22
Establish calling to Gold network via CMS to address MPEO/RAO requirement and technical exchange meeting between PMO, WHCA and DRSN stakeholders
Increase capabilities for U.S. government senior leaders with a critical role in national security and defense

Current Efforts: DMCC-S is rapidly expanding NextGen Device capabilities and focused on improving Mission Partner/user experience.

Provisioning / Tier III Improvement (S/W)
ECD: Ongoing
Evaluate current provisioning and Tier III processes and identify improvement and surge opportunities
Increases long term provisioning rate / output to reduce current backlog of devices and plan for legacy device reprovisions

Productivity App and DoD365 IL6 Integration (S)
ECD: Q2 FY23
Identify interim-productivity app. and plan for long-term integration with DoD365 (IL6) infrastructure and services
Leverages data-at-rest enablement to provide additional productivity apps and capabilities to improve user experience

DMCC-S Future Activities & Workstreams

(W) = WINDAR-S (S) = DMCC-S

Timeline (Q1 FY22, Q2 FY22, Q3 FY22, Q4 FY22, FY23): Samsung Email Pilot (S); Provisioning Enhancements; Future Device AoA (S); Next-Gen WINDAR-S (W); Legacy Device Sunset (S/W); MACP v2.5 and DAR 5.0 CP Registration (S/W); Project Transition to Enterprise Gray PKI; DoD365 IL6 Integration (S)*

Samsung Email Pilot (S)
Pilot Samsung Email client on NGDs
Enhances features, functionality, and user experience for MPs

Next Generation WINDAR-S
Develop and pilot test of Next-Generation WINDAR-S.
Enhanced security for MPs and additional device diversity

Legacy Device Sunset (S/W)
Sunset for legacy DMCC-S devices and retransmission devices
Supports security and maintaining compliance with NSA requirements

MACP v2.5 and DAR 5.0 CP Registration (S/W)
Register against NSA CSfC CPs
Validates security compliance with NSA CSfC CPs

Future Device AoA (S)
Early evaluation and testing of next DMCC-S device
Deployment of new DMCC-S device to MPs

Provisioning Enhancements
Deploy next gen devices
Deployment of new DMCC-S device to MPs

DoD365 IL6 Integration (S)*
Integrate with DoD365 infrastructure and services
Deploy DoD365 enterprise services to MPs
*Full prod. integration start TBD

Projected Transition to Enterprise Gray PKI
Transition devices 12-month interim-Gray certs. to Enterprise Gray CA
Security and compliance with NSA requirements

DMCC-TS Future Activities & Workstreams

Timeline (Q1 FY22, Q2 FY22, Q3 FY22, Q4 FY22, FY23): SCI Evaluation; MACP 2.5 Integration; Next-Gen DMCC-TS Deployment; DRSN Site Diversity; Provisioning Org. Consolidation

NextGen DMCC-TS Deployment
Develop the next generation DMCC-TS Device
Provides a next-generation DMCC-TS device baseline with new device features, enhanced security and device recency

MACP 2.5 Registration
Register against NSA CSfC CPs
Validates security compliance with NSA CSfC CPs

DRSN Diversity
Establish additional DRSN site
Additional DRSN site to reduce operational impact to DMCC-TS Mission Partners

Sensitive Compartmented Information (SCI) Evaluation
Evaluate business case for SCI capability and SCI consolidation
Informs DISA on viability of deploying TS/SCI service offering given current policies, infrastructure, and constraints

Provisioning Organization Consolidation
Realign and consolidate resources for DMCC-TS provisioning
Resources remain agile, facilitates cross-training, and maximizes skills and abilities of personnel across the workforce

DEFENSE INFORMATION SYSTEMS AGENCY

The IT Combat Support Agency

/USDISA  @USDISA  Disa.mil

Obtaining DMUC Service Process Overview

Mission Partner Request Fulfillment Process Overview: DMCC-S and WINDAR-S

Approximately 10-17 Days Total Business Days

Process steps:
1. Preparation
2. Ordering
3. User Configuration
4. Device Provisioning

Diagram labels: DISA; Dependencies; Mission Partner; Mission Partner (MP); SMIT; Secure Mobility Infrastructure Team (SMIT) / Provisioning

Durations shown: Approx. 5-10 Days; Approx. 5-7 Days

Text boxes on the diagram:
▪ Devices, Licensing, Hotspots, and service plans available
▪ Device is onboarded
▪ User and device certificates are generated; Devices are placed in queue
▪ MP contacts SMIT to indicate interest
▪ Device is configured, hardened, and shipped to MP
▪ MP has SIPR account (receipt of PIN), has authorized devices, completed documentation, DISA Storefront (DSF) access and information (Program Designator Code (PDC), Authorized Requesting Official (ARO) & Authorized Funding Official (AFO) roles): https://disa-storefront.disa.mil/dsf/home
▪ MP has provided all order approvals
▪ MP completes internal DSF approvals
▪ Certificates are generated, services available
▪ Ensure access to services MP (may require additional whitelist)

Interactions with DoD Mobility (SD) as needed

▪ Increase Provisioners
▪ Upgrade Provisioning Stations

5

▪ Expedite Certificate Generation
▪ Decentralize Admin. Processes

4

▪ New Knowledge Management Portal
▪ Standardize Forms
▪ New Mission Partner Documentation
▪ NextGen Devices
▪ New Retrans. Devices

1

3

2

Enhancements will address inefficiencies, improve technical capabilities, leverage training and reduce site-related challenges to improve the service delivered to MPs.