Western Australia Police is looking to the industry to upgrade its current two-factor authentication system, as its current contract expires next year.
WA Police currently uses RSA's tokens as its means of securely providing employees with external access to its systems. It has about 1,172 hardware-based tokens, and 447 software-based tokens available. However, WA Police's support and maintenance contract with RSA expires in June next year, prompting it to go to market for a new provider that can provide 360 tokens (software and/or hardware based) each year.
In its request for tender documents, it stated that its existing arrangements to use RSA equipment is satisfactory. It also stated that if a tender has an alternative solution, it would need to provide the full cost of replacing RSA equipment and transitioning to a different two-factor system. WA Police's own RSA appliances are due to reach their end of life in May 2014.
WA Police has a particular focus on ensuring that the new tokens will be "as minimally intrusive as possible," and it does not require additional software to be installed on user computers.
Other features that WA Police is looking for include the ability to lock out users on a certain number of authentication failures, central management and deployment, and auditing and reporting controls.
In implementing a product, WA Police has taken a leaf out of the Defence Signals Directorate's (DSD) book, highlighting that tenders should comply with a number of controls from the DSD's Information Security Manual.
Tenders close on January 15.