Pentagon Seeks Cloud Provider Support to Boost Zero Trust, CMMC Adoption
Dave McKeown, the chief information security officer of the DOD, said during a DefenseScoop event that contractors under the Joint Warfighting Cloud Capacity are being asked if they can provide zero trust capabilities through the cloud. McKeown noted, however, that it would be difficult to add zero trust in existing tools.
Amazon Web Services, Google Cloud, Microsoft and Oracle are the companies that earned spots in JWCC, DefenseScoop reported.
According to the CISO, the requested capabilities will be part of a forthcoming strategy and implementation plan requiring the DOD to transition to zero trust by 2027. McKeown said his team is still finalizing the plan.
The Pentagon is also asking cloud providers to help smaller contractors comply with CMMC. Under CMMC 2.0, contractors that handle the DOD’s controlled unclassified information will need to be certified.
According to McKeown, small- and medium-sized businesses expressed concerns about the costs it might take to comply with the department’s cybersecurity guidance. The CISO noted that the DOD and the cloud providers with which it works have tools and resources to provide other defense industry base members.
CMMC 2.0 is expected to be implemented in 2023.
Tags: cloud service cybersecurity Cybersecurity Maturity Model Certification Dave McKeown DefenseScoop Department of Defense Joint Warfighter Cloud Capability zero trust