While implementing a zero trust architecture in the Federal government can often feel like a compliance activity, cybersecurity experts on Tuesday stressed that it’s more than just meeting standards and requirements – it’s about protecting your intellectual property and people.
At the Intel Public Sector Summit in Washington, D.C., on Nov. 14, one expert explained that organizations need to start implementing cybersecurity practices aligned with the National Institute for Standards and Technology (NIST) special publication (SP) 800-171, for a more seamlessly transition to the Cybersecurity Maturity Model Certification (CMMC) program.
“As we kind of look at the next generation, the CMMC standards, if today you’re worried about CMMC, start doing the NIST standards and start pursuing those because it’s more than just running a scan on your system,” said Lt. Gen. David Bassett, director of the Defense Contract Management Agency (DCMA).
“It’s about the people,” he continued. “It starts with people and processes, and technology working together to provide for that confidentiality.”
Bassett added that whether organizations comply with standards because it’s in their contract or for their business reasons – the DCMA is going to encourage cyber compliance either way because it helps give the United States a competitive advantage.
“It’s not about just meeting, you know, NIST standards. It’s about protecting your intellectual property. It’s about protecting the technology and designs that give American soldiers, airmen, sailors, and marines an advantage on the battlefield,” Bassett said.
Adarryl Roberts, chief information officer at the Defense Logistics Agency (DLA) added that because the cybersecurity stakes are so high, the Department of Defense (DoD) has taken a “zero-tolerance level of not being cyber secure.”
“Cybersecurity is one step in the process, zero trust is part of that, but cyber resiliency is the activity,” Roberts said. “That’s the ongoing activity.”
“So it’s very vital, as Gen. Bassett said, for industry to really start protecting your database as well because that also affects your ability to support the warfighter,” he added. “It also affects your ability to continue in business.”
