Air Force develops maturity model for zero trust across the department
The Air Force is developing a maturity model to help broaden its implementation of zero-trust principles in the foundation of its network architecture, its top IT official said Thursday.
The Air Force has found success with initial zero trust projects, like Platform One, the service’s DevSecOps initiative where the network architecture is built with no “trust” or wide access is given to any user, whether familiar to a network or not. Now, the Air Force is trying to move beyond individual projects to implementing zero-trust principles at the enterprise level, Lauren Knausenberger, Air Force CIO, said Thursday during a Dcode event.
“The vision is for the future to be completely zero trust…where we are able to collaborate seamlessly with all of our allies,” she said.
The maturity model will help network administrators and IT professionals across the Air Force bring their architectures in line with zero trust. The model highlights critical elements of the process like ensuring proper data tagging and access management. The Air Force is also working on an enterprise identity, credentialing and access management (ICAM) certification to be able to more securely recognize users.
“We have these little pockets of zero trust, but we are also doing some basics right now,” Knausenberger said.
The maturity model will serve as part of the Air Force’s “road map” to zero trust. It’s unclear how long the journey will take, but tech leaders in the department have been talking about zero trust for months, especially during the pandemic.
“We have a road map there,” Knausenberger said, adding “that we have to do a better job of funding the road map.”
Knausenberger also made some news about Platform One, which is building a secure environment for companies to use once they have received Small Business Innovative Research contracts to work with the Air Force. This will allow contractors to work on more sensitive projects without having to invest in their own government-approved, secure systems.