The Department of Defense (DoD) is set to introduce a new assessment standard aimed at assisting defense components in adopting zero trust cybersecurity solutions, according to a senior official involved in the initiative.
At ATARC’s Zero Trust Summit on Oct. 3, Les Call, director of DoD’s Zero Trust Portfolio Management Office, confirmed that his team has been collaborating with MIT Lincoln Laboratory (MIT LL) to establish what he referred to as “a proving ground” to further evaluate zero trust solutions and help achieve the department’s zero trust objectives.
In 2022, then-DoD Chief Information Officer John Sherman initiated an ambitious plan to implement a zero trust architecture across the department by fiscal year (FY) 2027. Call noted that Pentagon officials are working with various components and industry partners to accelerate the department’s progress toward fully realizing zero trust.
The Zero Trust Proving Ground (ZTPG) is a key element of that strategy.
The ZTPG aims to provide a space for vendors to be evaluated for zero trust configurations, solutions and interoperability, marking a shift away from DoD’s long-standing “proof of concept” methodology, Call explained.
Traditionally, DoD has utilized strategies like proofs of concept as a way to demonstrate feasibility of ideas and to help accelerate digital transformation efforts.
In FY 2024 the department put together 18 proofs of concept. To date DoD has completed two, assessed one, is beginning assessment for another, “and the others we’re working on,” Call said.
According to Call, DoD is “not equipped to be in the evaluation business.”
“So, proof of concepts allow us to take chunks of technology and drop them in a lab [and] develop use cases that satisfy specific needs … the [proving ground] gives people a … shortcut and get there faster,” Call explained. “We’re doing this proof of concepts, but as the DoD … we’re not equipped to be in the evaluation business. So, I want to get out of the proof of concept business. I want to get out of and away from evaluating things for zero trust.”
By working with MIT LL DoD plans to create a comprehensive “proving ground” through a multi-step approach: “assessing the landscape, developing a roadmap, creating a methodology and design, and developing a pilot to test and refine the proving ground,” he said.
MIT LL will evaluate solutions, and those will be compiled into a list that will be sent to the 43 DoD components, indicating which vendors are certified.
“This list will detail the activities they meet and how they interoperate with other tools. If you have this technology, it will work well with that,” Call said. “As we approach FY 27, we need to find ways to leapfrog or move beyond the linear progression.”