ATARC intends to merge agency and vendor zero trust working groups

The Continuous Diagnostics and Mitigation program director and federal chief information security officer intend to participate in the Zero Trust Working Group.

The Advanced Technology Academic Research Center’s parallel zero trust working groups for federal agencies and vendors intend to merge once the government side establishes use cases.

A merger will allow the more than 15 agencies and 15 vendors participating to begin zero trust logistics and to build and showcase proofs of concept, said Gerald Caron, director of enterprise network management in the State Department’s Bureau of Information Resources.

Caron co-chairs the agency working group and developed a zero-trust architecture that subgroups are using to define use cases.

“While the government is doing their deliveries and getting level set on requirements and architectures and definitions and concepts and use cases … we are feeding that to the vendors, so they can get started,” Caron said during an ATARC event Thursday.


Caron helped stand up ATARC’s Trusted Internet Connection 3.0 Demonstration Center, a physical test environment allowing federal agencies to try out cloud and infrastructure solutions for securing their networks.

With ATARC’s TIC 3.0 Working Group deemed a success, its members were grandfathered into the Zero Trust Working Group “because we believe TIC fits into the overall architecture of zero trust,” Caron said.

Continuous Diagnostics and Mitigation (CDM) Program Manager Kevin Cox has further agreed to join the working group and work with its members as his program transitions toward a zero-trust concept. That way the CDM program will get direct feedback from government officials and vendor representatives.

And Federal Chief Information Security Officer Chris DeRusha will have someone from his office participate in the working group as well.

“Having those two entities, I think, makes this working group pretty powerful — for lack of a better term,” Caron said. “It’s great participation, and we’re really influencing the government at this point.”


The working group will demystify zero trust by providing technical requirements agencies can use, said Trafenia Salzman, security architect at the Small Business Administration.

“It’s really helpful as an architect or an engineer or an analyst to be able to implement that in your environment,” said Salzman, who co-chairs the Zero Trust Working Group.

Salzman’s team at SBA is currently inventorying security tools and gathering information on processes before it implements a zero trust plan for the agency.

Meanwhile, Caron is helping implement zero-trust infrastructure at the State Department and also serving as acting chief information officer for the Department of Health and Human Services Office of Inspector General.

HHS OIG is also inventorying security tools, with plans for a multi-year, multi-project zero trust program.


“I’d rather be effective than compliant, so I think zero trust really focuses on effectiveness because you focus on what you want to protect,” Caron said. “I really believe in that, and compliance can fall into place as you go.”
