The Defense Information Systems Agency (DISA) is issuing a Request for Information (RFI) to modernize the Department of Defense (DoD) Secure Access File Exchange (SAFE) system. This RFI seeks solutions to address current challenges such as performance limitations, security vulnerabilities, inadequate data loss prevention, and restricted integration, while enhancing scalability, strengthening security with multi-factor authentication, improving accessibility for non-DoD users, increasing file size capacity to 40GB, and empowering user control over data retention. The modernized solution will update the DoD's CAC-enabled secure file exchange platform, which currently supports 1.5 million users globally. Interested parties are requested to submit white papers by January 13, 2026, outlining their proposed solutions and including Rough Order of Magnitude (ROM) pricing.

DISA's Services Program Executive Office is seeking information to modernize the DoD Secure Access File Exchange (SAFE) system. The current system, accessible via NIPRNet, faces challenges with performance, security, data loss prevention, integration, and usability. The modernized solution aims to enhance scalability, strengthen security with multi-factor authentication and data loss prevention, improve accessibility for external users, increase file size capacity to 40GB, and empower user control over data retention. This Request for Information (RFI) is not a solicitation for proposals but an information-gathering effort. Interested parties are requested to submit a white paper by January 13, 2026, including business details, a Rough Order of Magnitude (ROM) pricing, and addressing the outlined technical requirements and challenges. Questions must be submitted by January 6, 2026.

The government's technical requirements for a secure file transfer system emphasize using an approved External Certification Authority (ECA) for SSL certificates to ensure trusted communication for DoD SAFE. Key requirements include robust system performance and scalability, supporting IPv4/IPv6 (with an IPv6-only goal), autoscaling, file sharing up to 40 GB, and handling 1.5 TB/hour traffic with 99.95% availability and an 8-hour Mean Time to Repair (MTTR). User access requires secure CAC/PKI authentication, tailored access for DoD and guest users, and availability on NIPR/commercial networks. Data security features mandate file type filtering, Zero Trust Data Loss Prevention (DLP) for CUI/PII/PHI, proactive threat protection, comprehensive logging, and compliance with NARA regulations. The system must support email notifications and maintain a secure Authority to Operate (ATO).

The document outlines the technical characteristics and requirements for a government platform, likely a file sharing or data exchange system, focusing on secure and scalable operations. Key aspects include the mandatory use of an External Certification Authority (ECA) for SSL certificates, robust system performance supporting IPv4/IPv6, scalability for high traffic volumes (800 GB/hour threshold, 1.5 TB/hour objective), and high availability (98.5% threshold, 99.95% objective). User access is secured via CAC/PKI authentication, with tailored access for DoD and guest users through NIPR/commercial networks. Data security features include file type filtering, Zero Trust Data Loss Prevention (DLP) for CUI/PII/PHI, comprehensive logging, malware protection, and compliance with NARA regulations. The document also poses questions for potential vendors regarding architecture for performance, large file transfers, malware scanning, guest account sponsorship, Zero Trust alignment, and tiered access for non-DoD partners.