Zero trust security
US Air Force Working on Basics of Zero Trust, CIO Says
The Air Force is currently implementing basic zero trust elements for the majority of its programs, according to the service’s chief information officer.
Air Force CIO Lauren Knausenberger said the service has so far fully implemented zero trust in its Platform One and Cloud One collaborative development services, Nextgov reported.
As for the rest of its programs, Knausenberger said the Air Force still needs a solid foundation for identity, credentials, access management and other fundamental functions.
Zero trust security architecture operates as if attackers have already breached a network’s perimeter defenses and limits access to information for even users on the inside, who are constantly required to prove their identity.
In January, the Air Force began transitioning mission-critical applications away from a perimeter-focused defense model, where security measures are aimed at keeping adversaries out of network entry points.
Air Force Chief Technology Officer Frank Konieczny stressed the importance of moving to zero trust as airmen and service civilians are expected to continue working remotely for the indefinite future.
According to Knausenberger, the Air Force has already developed a roadmap of activities needed to create a zero trust environment.
The service has also begun appointing authorities responsible for leading the implementation of zero trust functions such as data tagging and maturity progression, Knausenberger added.
In February, the National Security Agency issued a cybersecurity information sheet providing instructions for defense agencies and contractors on how they can establish a zero trust network architecture.
The seven-page document provided guidance on implementing zero trust security into critical networks such as national security systems, networks used by the Department of Defense and systems employed by federal contractors.
Category: Digital Modernization