The achievement is a major milestone for DISA’s Thunderdome initiative, which offers a suite of IT and cybersecurity technologies that various agencies across the Defense Department can use as their zero-trust solution. DISA’s validation of Thunderdome comes more than two years ahead of the Pentagon’s deadline to implement target levels of zero trust by the end of fiscal 2027.

“It is a stellar machine system and environment, and there’s a lot of DOD field activities and agencies that are depending on that solution as its [zero-trust] solution,” Resnick said Wednesday during the Defense Acquisition University’s annual Zero Trust Symposium.

Zero trust is a cybersecurity framework that assumes networks are already compromised by adversaries, as opposed to the perimeter-based standards traditionally employed by the DOD. Rather than establishing a protective cybersecurity boundary over its networks, zero trust requires the Pentagon to integrate new capabilities that can constantly monitor and authenticate its networks and users as they move through them.

The DOD’s 2022 Zero Trust Strategy outlined a minimum set of 91 capability outcomes that agencies and components must meet to achieve “target levels” of zero trust no later than Sept. 30, 2027. The strategy also provided an additional 61 activities that are required to meet what the Pentagon considers “advanced levels.”

Resnick said DISA’s Thunderdome achieved a “perfect 152 out of 152,” meaning the solution is the second to hit all of the department’s ZT capability outcomes. The Navy’s cloud-based Microsoft Office 365 platform — known as Flank Speed — was the first zero-trust solution to achieve advanced levels, and met all 152 requirements earlier this year.

“Thunderdome is the Defense Information Systems Agency’s (DISA) comprehensive ZT solution,” Chris Pymm, Thunderdome portfolio manager at DISA, told DefenseScoop in a statement. “Recently, the Department of Defense DOD CIO purple team has validated that Thunderdome provides advanced level ZT across all 152 activities in DOD’s ZT model. What’s more, organizations can leverage DISA’s Thunderdome procurement vehicle to meet their integration ZT needs.”

According to the agency, the Thunderdome solution leverages enterprise identity credential and access management (ICAM); commercial secure access service edge capabilities; and software-defined wide area networking and security tools.

In 2022, DISA awarded Booz Allen Hamilton a $6.8 million other transaction agreement to prototype Thunderdome, which was later extended to include the Pentagon’s classified Secure Internet Protocol Router Network (SIPRNet). Following 18 months of development, the company received a follow-on production contract in 2023 to transition the solution into full deployment. 

The award is structured as an indefinite delivery/indefinite quantity (IDIQ)-like award to allow for other Pentagon agencies and departments to leverage the OTA over a five-year period. The contract has a total ceiling of $1.86 billion.

Pymm said that Thunderdome “will complete the DISA terrain in June of this year.” The effort’s zero-trust capabilities will be scaled to defense agencies and field activities via the broader migration of users to its new modernized network, known as DODNet, he added.

In fiscal 2025, Thunderdome will be fielded to the Defense Contract Management Agency, Defense Contract Audit Agency, Defense Logistics Agencies, Defense Media Activity, Defense Finance Accounting Service and the Defense Microelectronics Activity.

Moving forward, DISA plans to deploy the capability to the following agencies and organizations in fiscal 2026: Defense Threat Reduction Agency, Joint Staff’s J-6 directorate, Defense Advanced Research Projects Agency, Missile Defense Agency and Defense Manpower Data Center.

Updated on April 2, 2025, at 5:25 PM: This story has been updated to include more information from DISA about plans for Thunderdome and statements from Chris Pymm, Thunderdome portfolio manager.

The post DISA’s Thunderdome achieves advanced zero-trust goals appeared first on DefenseScoop.

Like the other services and the Pentagon at large, the Navy and Marine Corps have made strides towards migrating data and applications into the cloud, such as its cloud-based office suite of tools known as Flank Speed. And while much of those efforts have previously concentrated on sights located ashore, the Navy is now experimenting with a cloud on a ship to inform how those capabilities can be leveraged for users while at sea, acting Department of the Navy CIO Jane Rathbun said Friday.

“In our work with Flank Speed … we actually physically put a cloud on a ship and are extending that enterprise IT concept more to the tactical edge,” she said during a keynote at AFCEA NOVA’s Naval IT Day. “I think that there’s going to be a lot of opportunity going forward to rethink cloud in a tactical environment.”

A 2020 memo co-signed by the assistant secretary of the Navy for research, development and acquisition and the service’s CIO created a policy to accelerate promotion and acquisition of cloud services. Since then, the Department of the Navy awarded Amazon Web Services (AWS) in December a $724 million contract to give the Navy access to its commercial cloud environment for at least five years.

The department also recently created a new Neptune Cloud Management Office to help streamline acquisition and delivery of cloud capabilities to both the Navy and Marine Corps. That office will help the sea services leverage the Pentagon’s $9 billion enterprise cloud solution, the Joint Warfighting Cloud Capability (JWCC).

Service leaders in the past have signaled a need for better cloud access while at sea, especially as both the Navy and Marine Corps pivot to preparing to conduct more operations in remote, communications-denied environments in the Indo-Pacific. For many, the difference in connectivity while ashore versus while deployed on vessels is night and day.

Even with work to push the cloud out to deployed ships, Rathbun noted that sailors and Marines still might have to work disconnected at times.

“When I’m on an airplane flying somewhere, I can still work on my Flank Speed account. I can type up emails and I can edit documents, and then when I’m connected I can push those things back to my cloud environment and they’re saved,” she said. “I think we will have something similar, and many of the applications that we’ll need to bring are going to work disconnected, but they’re also going to be able to pop up every once in a while and connect when they need to to get more data in and push more data out.”

Evolving warfighting tactics for operations in the Indo-Pacific are also influencing how the Department of the Navy thinks about cloud access at the tactical edge. Rathbun pointed to the Marine Corps’ new emphasis on forward deployments on small, remote islands closer to potential adversaries — meaning they need to be less detectable on the electromagnetic spectrum.

“The Marines are learning how to manage spectrum [and] hide on the spectrum,” she said. “I think that is an innovation that will evolve our thinking about how disconnected you really will be in the future.”

The post Navy testing cloud capabilities on ships for improved, flexible access at sea appeared first on DefenseScoop.