Pentagon Seeks Cloud Provider Support to Boost Zero Trust, CMMC Adoption

The Department of Defense is seeking help from cloud service providers to help speed up zero trust and Cybersecurity Maturity Model Certification adoption.

Dave McKeown, the chief information security officer of the DOD, said during a DefenseScoop event that contractors under the Joint Warfighting Cloud Capacity are being asked if they can provide zero trust capabilities through the cloud. McKeown noted, however, that it would be difficult to add zero trust in existing tools.

Amazon Web Services, Google Cloud, Microsoft and Oracle are the companies that earned spots in JWCC, DefenseScoop reported.

According to the CISO, the requested capabilities will be part of a forthcoming strategy and implementation plan requiring the DOD to transition to zero trust by 2027. McKeown said his team is still finalizing the plan.

The Pentagon is also asking cloud providers to help smaller contractors comply with CMMC. Under CMMC 2.0, contractors that handle the DOD’s controlled unclassified information will need to be certified.

According to McKeown, small- and medium-sized businesses expressed concerns about the costs it might take to comply with the department’s cybersecurity guidance. The CISO noted that the DOD and the cloud providers with which it works have tools and resources to provide other defense industry base members.

CMMC 2.0 is expected to be implemented in 2023.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now