WHAT IS NIST? THE COMPLETE GUIDE TO THE NIST CYBERSECURITY FRAMEWORK
Explore this comprehensive guide on how the NIST Cybersecurity Framework can be applied to your organization.
Why DoD SAFE Replaced AMRDEC SAFE and What It Means for Your Business
AMRDEC SAFE was the leading solution in the government file-sharing space for a long time. However, given the increasing demands of security and file capacity, AMRDEC was replaced with a new solution called DoD SAFE
FTP Today provides standards-compliant secure file-sharing software solutions to government clients and contractors. As a provider, we understand just how important it is for customers, users, and anyone involved in the industry to understand why this change has occurred and the next steps required, which is what we will cover in this article.
What Was AMRDEC SAFE and What Did It Do?
Aviation and Missile Research, Development, and Engineering Center Safe Access File Exchange, known as AMRDEC SAFE, was a file transfer service provided by the U.S. military as a method for agencies and contractors to share large files. It was primarily used to transfer sensitive – but not classified – defense information. It was originally intended for file exchange with government agencies but, as it was loosely controlled, it was also used for contractor-to-contractor file exchange.
AMRDEC SAFE was shut down temporarily last year due to vulnerability and security concerns with the service. This temporary shutdown revealed the need for broad changes to the way files were shared to ensure data security. That was the last we saw of AMRDEC SAFE.
Now, users are being redirected to a new site, with an upgraded service: DOD SAFE. This is the alternative created and offered by the Department of Defense (DoD) and contractors will be expected to transfer to the new solution.
DoD SAFE offers a larger capacity for file transfers and increased security measures to keep sensitive data safe during transfer. Users can rely on this new solution for end-to-end encryption, among other benefits which we’ll explore below. Also, this time around it cannot be used except for direct file exchange with federal agencies. This leaves contractors and subcontractors to seek out a commercial solution when exchanging files with each other.
How Is DoD SAFE an Improvement on AMRDEC SAFE?
There were two usability gaps with AMRDEC SAFE that needed to be addressed: file transfer size and security.
First, DoD SAFE enables file transfers as large as 8 GB. With AMRDEC SAFE, the old solution, 2 GB was the maximum size for file transfers. In addition to an increase in file size, you can also download multiple files at once and send up to 25 files at a time. Also, AMRDEC SAFE only allowed for files to be accessed for up to two days, while DoD SAFE now allows for files to be accessed for up to seven days.
Who is able to use DoD SAFE to send and receive files? Anyone with a .gov or .mil email address will have access to this service. It’s a viable file transfer option for some government contractors and subcontractors.
In terms of security, DoD SAFE now offers optional package level encryption, meaning end-to-end encryption protecting files at rest. This level of encryption is a significant upgrade from the security flaws of AMRDEC SAFE.
However, DoD SAFE is not without its limitations.
What limitations does DoD SAFE bring?
This solution was never designed to be an enterprise-level file sharing service. First, the limitation on the number of files you can send at one time could present issues if your organization needs to share a large number of files on a regular basis, as many organizations do.
This holds true for the file size limitations, too. While 8 GB is an upgrade from 2 GB, this still may not meet the needs of many organizations. This could mean breaking up large files into multiple transfers, which is both inconvenient and inefficient. This could lead to file mix-ups and lost or corrupted data.
Also, DoD SAFE requires a Common Access Card (CAC) to use the service. Obtaining a CAC is no easy task and could present a major burden for your organization.
With AMRDEC on the way out, these limitations could pose major issues for users who must move to DoD SAFE, especially obtaining access to a Common Access Card.
What Does DoD SAFE Mean for Your Company?
If you intend on using DOD SAFE to share files, you first need to obtain a CAC. This is a four-step process:
- Step 1: Sponsorship & Eligibility - To apply for a CAC, you must be sponsored by a Department of Defense official. This person must verify your need for a CAC.
- Step 2: Registration & Enrollment - Next, you need to register with the Defense Enrollment Eligibility Reporting System (DEERS) with your sponsor. Moreover, if you change roles (i.e. moving from active-duty to contractor status) you will also need to re-register with DEERS. Contractors need to take the specific step of registering with the Trusted Associate Sponsorship System (TASS) by a Trusted Agent.
- Step 3: Background Investigation - You will also need to pass a background check initiated by your sponsor. The background check process requires you to pass a Federal Bureau of Investigation (FBI) fingerprint check and a National Agency Check with Written Inquiries (NACI) check. Because this part of the process may take up to 18 months, you may receive your CAC before these checks are processed. If you receive your CAC and fail to pass the checks, your CAC will be revoked.
- Step 4: Obtaining Your Card - Finally, you need to visit the Real-Time Automated Personnel Identification System (RAPIDS) site for final verification and processing. This verification step requires you to have two forms of identification, a six to eight digit PIN, and a government unclassified email address if you plan to use a government computer. Once you’ve completed all the necessary steps, you’ll receive your CAC.
If the process of obtaining your CAC is too strenuous or you don’t believe DoD SAFE will meet your file sharing needs, you may need to use a secure file sharing solution as your DoD SAFE Alternative. These solutions, depending on the option you choose, will allow for larger file transfers and have the strict security measures needed to protect your data.
To learn more about your secure file sharing options, review our free Comparison Guide to see the alternatives.
About Arvind Mistry
Arvind is Director of Compliance and Programs at FTP Today. He came to FTP Today with 11+ years of experience in offering cloud solutions to the Federal Government and public sector channels at companies such at Rackspace, IBM, UNICOM, A10 and Radware Alteon. He is based in the Washington, D.C. area.