The achievement is a major milestone for DISA’s Thunderdome initiative, which offers a suite of IT and cybersecurity technologies that various agencies across the Defense Department can use as their zero-trust solution. DISA’s validation of Thunderdome comes more than two years ahead of the Pentagon’s deadline to implement target levels of zero trust by the end of fiscal 2027.

“It is a stellar machine system and environment, and there’s a lot of DOD field activities and agencies that are depending on that solution as its [zero-trust] solution,” Resnick said Wednesday during the Defense Acquisition University’s annual Zero Trust Symposium.

Zero trust is a cybersecurity framework that assumes networks are already compromised by adversaries, as opposed to the perimeter-based standards traditionally employed by the DOD. Rather than establishing a protective cybersecurity boundary over its networks, zero trust requires the Pentagon to integrate new capabilities that can constantly monitor and authenticate its networks and users as they move through them.

The DOD’s 2022 Zero Trust Strategy outlined a minimum set of 91 capability outcomes that agencies and components must meet to achieve “target levels” of zero trust no later than Sept. 30, 2027. The strategy also provided an additional 61 activities that are required to meet what the Pentagon considers “advanced levels.”

Resnick said DISA’s Thunderdome achieved a “perfect 152 out of 152,” meaning the solution is the second to hit all of the department’s ZT capability outcomes. The Navy’s cloud-based Microsoft Office 365 platform — known as Flank Speed — was the first zero-trust solution to achieve advanced levels, and met all 152 requirements earlier this year.

“Thunderdome is the Defense Information Systems Agency’s (DISA) comprehensive ZT solution,” Chris Pymm, Thunderdome portfolio manager at DISA, told DefenseScoop in a statement. “Recently, the Department of Defense DOD CIO purple team has validated that Thunderdome provides advanced level ZT across all 152 activities in DOD’s ZT model. What’s more, organizations can leverage DISA’s Thunderdome procurement vehicle to meet their integration ZT needs.”

According to the agency, the Thunderdome solution leverages enterprise identity credential and access management (ICAM); commercial secure access service edge capabilities; and software-defined wide area networking and security tools.

In 2022, DISA awarded Booz Allen Hamilton a $6.8 million other transaction agreement to prototype Thunderdome, which was later extended to include the Pentagon’s classified Secure Internet Protocol Router Network (SIPRNet). Following 18 months of development, the company received a follow-on production contract in 2023 to transition the solution into full deployment. 

The award is structured as an indefinite delivery/indefinite quantity (IDIQ)-like award to allow for other Pentagon agencies and departments to leverage the OTA over a five-year period. The contract has a total ceiling of $1.86 billion.

Pymm said that Thunderdome “will complete the DISA terrain in June of this year.” The effort’s zero-trust capabilities will be scaled to defense agencies and field activities via the broader migration of users to its new modernized network, known as DODNet, he added.

In fiscal 2025, Thunderdome will be fielded to the Defense Contract Management Agency, Defense Contract Audit Agency, Defense Logistics Agencies, Defense Media Activity, Defense Finance Accounting Service and the Defense Microelectronics Activity.

Moving forward, DISA plans to deploy the capability to the following agencies and organizations in fiscal 2026: Defense Threat Reduction Agency, Joint Staff’s J-6 directorate, Defense Advanced Research Projects Agency, Missile Defense Agency and Defense Manpower Data Center.

Updated on April 2, 2025, at 5:25 PM: This story has been updated to include more information from DISA about plans for Thunderdome and statements from Chris Pymm, Thunderdome portfolio manager.

The post DISA’s Thunderdome achieves advanced zero-trust goals appeared first on DefenseScoop.

Brian Hermann, director and program executive officer for DISA’s PEO Cyber, told a small group of reporters Friday that the agency expects to complete all ICAM federation activities with the services by the end of fiscal 2025.

The plan is to build off ongoing work with the Army and federate its ICAM solutions in March. DISA will then work with the Navy and Marine Corps to federate their instances by the end of June, and finally complete federation with the Air and Space Forces before the end of September, Hermann said.

ICAM generally comprises a set of IT policies, systems and security tools that verifies users have the right credentials to access certain parts of a network — in this case the Pentagon’s. While various Defense Department components have worked to develop their own ICAM capabilities, the larger department has sought to create and implement an enterprise solution to streamline information sharing across the Department of Defense Information Network, as well as with international allies and partners. 

“ICAM is how we work across the department, as well as how we work with our mission partners,” Hermann said. “Enabling our work with allied and coalition partners means we have to have some connectivity and understanding of who we’re working with in that coalition, make sure that we have an understanding of their access rights and grant them access to DOD resources — as well as grant DOD users access to things that we have to share with those mission partners.”

Overall, ICAM is a key part of the Defense Department’s journey to operating under a zero-trust cybersecurity framework, which requires all users and devices connected to a network to be continually authorized as they move through it. Hermann emphasized that DISA’s federation activity is crucial in the department’s goal of achieving “target levels” of zero trust by the end of fiscal 2027.

“We’re leading that effort for the department,” he said. “Any other ICAM implementations that may exist are going to depend on us getting this federation activity done.”

At the end of 2024, DISA stood up a federation hub to begin work consolidating the Pentagon’s existing ICAM instances, beginning with the Army’s, Hermann noted. The hub gives DISA a “total picture” of all the information users can access and ensures the agency can deconflict roles they might have in other systems across the department, he said.

Once the federation is complete with the military services, Hermann said DISA plans to connect with the Defense Manpower Data Centers — a repository of information on the Pentagon’s personnel and manpower. The agency plans to pick up ICAM federation efforts on classified networks in the future as well, he added.

While Hermann couldn’t provide an exact number of applications that will need to be federated across the Pentagon, he said it is more than first expected. He noted that federation work has also given different components insights on what systems they can modernize and others that have to be replaced in the future.

“This helps the exercise of determining whether something needs to get modernized and moved to ICAM, or it needs to potentially go away and cease to exist,” Hermann said. “I think there’s a lot of application rationalization that goes on across the department in this process, and that’s probably a good house-cleaning exercise.”

As it goes through the federation process, DISA is working with Pentagon components to determine whether an enterprise ICAM solution will meet their specific needs and avoid having too many instances across the department, Hermann said.

“We really want to prove that there’s no way that [something] could be supported by an existing ICAM before we create new ones because it’s not cheap to do this. There ought to be a real strong impetus for why we would have more of these,” he said. “I strongly believe in enterprise, and I want to try and make it work as much as possible. When we do that, then we have less requirements for federation because more users are being served by the enterprise solution.

Still, Hermann emphasized the importance of finding the right balance of ICAM solutions available, as having too few available would create bottlenecks for the Defense Department. To that end, allowing the military services to have their own ICAM solutions is helping DISA move faster with adoption, he said.

“My sincere hope is that at some point in the future, we can consolidate somewhat, but getting everybody to ICAM implementation and adoption quickly is served well by having some separate instances of ICAM,” Hermann said. “That, right now, is the longest pole in the tent of adopting ICAM — making sure that the application owners are able to work with their ICAM providers and get their applications connected.”

The post DISA aims to connect DOD services to federated ICAM solution by end of 2025 appeared first on DefenseScoop.

Now referred to as Combined Joint All-domain Command and Control (CJADC2), the department’s rebranded JADC2 efforts places additional emphasis on the fact that a majority of the U.S. military’s battles are fought with a coalition and not alone. That means JADC2 initiatives across the Pentagon should also stress the importance of integrating partners and allies in early stages.

“Part of the reality of making cloud useful … [is] there are certain necessary enabling functions inside of those capabilities. Many of them are native functions that the cloud service providers can make available to us, but we have to make some of those investments in each of the cloud environments in order to make CJADC2 possible,” Hermann said during a panel at the annual JADC2 Warfare Symposium hosted by the National Defense Industrial Association.

Google, Oracle, Amazon Web Services and Microsoft each were awarded contracts for JWCC in December and began receiving task orders in the unclassified environment in March. The multi-service, enterprise cloud capability will also have opportunities for secret and top-secret offerings and is seen as a key enabler for the Pentagon’s JADC2 efforts.

CACI International Senior Vice President Peter Gallagher, who moderated the discussion, pointed to zero-trust cybersecurity and its enabling identity, credential and access management (ICAM) as some examples of department-wide technical solutions that could help JWCC integrate partners and allies.

While Hermann agreed, he emphasized that DISA isn’t starting with technical solutions.

“It’s not just the technical solutions that are necessary, but things like real collaboration on changing policy associated with identity and credentialing and access management,” he said. “It’s hard enough to do in the Department of Defense, it’s hard enough to do in the federal government, and doing that with our allies and coalition partners requires some policy changes, frankly, and it requires a level of trust.”

ICAM generally comprises a set of IT policies and systems that verify whether or not users have the right credentials to access certain parts of a network. The solution is a key part of the Defense Department’s journey to embracing zero trust, which requires everyone on a network to be continuously authorized while moving through it.

A provision in the Senate Armed Services Committee’s version of the fiscal 2024 National Defense Authorization Act would require the department to transition existing ICAM initiatives into an enterprise-wide program of record and address needs for managing multi-domain operations that leverage information and systems across varying classification levels.

“Establishing a level of trust in the identities of the people and the systems you’re working for is absolutely essential,” Hermann said. “You have to have that available if you’re going to enable automated connectivity, as well as even shared data for the purposes of understanding the common operational picture. And I think that’s a tremendous challenge.”

Hermann noted that some of the United States’ most robust alliances — such as the Five Eyes intelligence-sharing alliance that includes the U.S., Australia, Canada, New Zealand and the United Kingdom — might have some trust already established based on historical precedence. 

But many combatant commands also have strong relationships with partners in their regions that would need to be addressed, he added.  

“I think we have to make all of those functions available in the commercially hosted cloud, and then we have to take advantage of what cloud can bring,” he said.

The post Enterprise cloud seen as tool for integrating international partners into JADC2 efforts — with caveats appeared first on DefenseScoop.

A provision in the committee’s version of the fiscal 2024 National Defense Authorization Act would require the Defense Department to transition its existing ICAM initiative into a program of record “subject to milestone reviews, compliance with requirements, and operational testing” within 120 days after Congress passes the defense spending bill, according to the legislation, which was approved by SASC in June and released Tuesday.

ICAM generally comprises a set of information technology policies and systems that verifies users have the right credentials to access certain parts of a network. As such, it is a critical part of the department’s journey to embracing zero-trust cybersecurity, which requires all users and data to be continuously authenticated and authorized as they move around the network.

An enterprisewide ICAM solution could also be beneficial to the department’s user experience as DOD personnel look to log in to digital systems from across the globe in a quick and easy fashion.

The Defense Information Systems Agency (DISA) tapped General Dynamics Information Technologies to deliver an ICAM capability throughout the department, although SASC lawmakers noted in a report released alongside their NDAA bill that there are current limitations in the technology’s scalability and interoperability.

“An enterprise-wide ICAM capability is a critical and pressing need for the Department of Defense (DOD) not only for cybersecurity, but also for managing complex multi-domain military operations involving information and systems classified at multiple levels,” the report said.

Senators are requiring the Pentagon to fix deficiencies in ICAM’s authentication and credentialing security capabilities that were outlined in a report submitted to Congress in April, the bill text states. That includes the department’s Public Key Infrastructure program, which facilitates secure data exchanges between users on potentially unsafe networks.

The department must also implement “improved authentication technologies, such as biometric and behavioral authentication techniques and other non-password-based solutions,” according to the provision.

Per the legislation’s accompanying report, the Pentagon will be required to replace the current enterprise ICAM’s core identity provider component with a cloud-based capability that better enables the technology to scale and integrate throughout the department.

“The committee further notes that the military services are left with the responsibility for fielding ICAM solutions for operational forces out to the tactical edge that must work seamlessly with the enterprise ICAM solution,” the report read. “Similarly, the enterprise and tactical edge ICAM systems must seamlessly operate across multiple classification levels and networks, including at the special access program level, and with multiple enterprise cloud solutions under the Joint Warfighting Cloud Capability program.” 

Committee members are asking the Secretary of Defense for a brief on the enterprise-wide ICAM program of record no later than 150 after the legislation is passed.

A reconciled version of the NDAA must be passed by the Senate and House and signed by the president before becoming law.

The post Senators push DOD to create enterprisewide ICAM program of record appeared first on DefenseScoop.

The service’s new ICAM Roadmap — released last month with an enterprise Zero Trust Roadmap — envisions an end state in five years of “true attribute-based micro-segmentation for ICAM … at a global scale” with context for user activity, Knausenberger said Wednesday at ITModTalks, presented by FedScoop. Such a capability is key to a zero-trust architecture because it limits a user’s or device’s access to part of a network based on information about them.

But the Air Force’s vision for ICAM isn’t just about restricting users from certain parts of the networks — it’s also about making a better experience for airmen as they go about accessing the information and applications they need, Knausenberger said.

“If you get ICAM right, you’re delivering a much more secure enterprise,” she said. “And you’re also making it much more likely that your users use your enterprise” instead of looking for alternatives, which come with security risks outside of the CIO’s control.

Alternatively, if it feels “funky or stovepiped as it is right now in the Department of Defense … people are gonna use their personal email accounts, they’re gonna find a way to get the mission done,” Knausenberger said.

In an ideal scenario, Air Force users would be able to do everything they need on the service’s IT enterprise, consolidating the numbers of sign-ons to as few as possible, she added.

“We want to be able to use single sign-on across a wide variety of systems. We are still logging into a lot of different places right now, and it does make us less secure,” Knausenberger explained.

As the Air Force moves forward with its recently released ICAM roadmap, Knausenberger, who is leaving her role in June, wants partners across industry, the DOD and other government agencies to give their feedback, because eventually, the goal is that it will be interoperable with the service’s many mission partners.

“We want it to be interoperable across the Department of Defense, in some cases maybe in other parts of government as well, and certainly with our allies and partners that we fight with,” she said.

The post Air Force’s ICAM roadmap is rooted in a better experience for users, CIO Knausenberger says appeared first on DefenseScoop.

The spending blueprint for accelerating digital transformation was based on reviews of the force’s capability portfolios, Undersecretary of the Army Gabe Camarillo said during a briefing with reporters at the Pentagon on Monday when the budget was rolled out.

“If we’re going to be able to fight for more multi-domain operations and to execute the national defense strategy, we have to be able to unlock data, ensure that we have the right skills in place, and to develop the right tools … at the pace that we need them moving forward,” Camarillo said. “There has been a concerted effort over this last year to relook our entire network spend across the Army through a series of capability portfolio reviews. And what that did was allow us to align our FY ‘24 investments in a way that will help us to achieve foundational gains to enable us to accelerate our digital transformation.”

The spending request includes $439 billion to implement the zero-trust cybersecurity model, as well as $95 million for “defensive cyber tools,” according to Army budget documents. The zero-trust paradigm requires organizations to continuously validate network users, devices and data to protect them from threats.

The investments would build and enhance the zero-trust architecture through endpoint security; fund the deployment of identity, credential and access management (ICAM) to support Joint All-Domain Command and Control (JADC2) and audit; accelerate SIPR modernization for U.S. Indo-Pacific Command; and buy “defensive cyber operations tools.”

Another $469 million would go toward “unlocking access to data” by resourcing the transition to the cloud and other upgrades to the service’s digital environment. About $333 million of that would fund central tools and services for application, development, modernization, cloud migration, and Enterprise Cloud Management Agency (ECMA) support. The other $136 million would be invested in Army data platforms, Application Programming Interface (API) management and data catalogs, to “enable decision through an open data environment,” according to budget documents.

Camarillo referenced the “fix our computers” complaints that have been voiced by DOD personnel, noting that the 2024 budget blueprint includes “significant investment in order to retire technical debt that has accumulated over many years across the DOD, but certainly within the Army, to upgrade user experience and also experiment with pilots that might make it easier for soldiers and civilians in the Army to be able to use the right tools in a way that is very effective for that.”

That includes $394 million for initiatives such as Bring Your Own Device (BYOD) and Virtual Desktop Infrastructure, and to replace aging IT infrastructure.

The Army is also looking to better leverage artificial intelligence and machine learning, not just for warfighting capabilities but also on the enterprise side of the house to improve back-office operations and how the service does business, Camarillo noted.

Service budget documents highlight $283 million to fund research and development for “enhanced autonomy experimentation” and program activities enabled by AI and machine learning, including for the Integrated Visual Augmentation System (IVAS), Optionally Manned Fighting Vehicle (OMFV), robotic combat vehicles, Tactical Intelligence Targeting Access Node (TITAN), and “smarter sensors” with edge processing.

The Army also wants $639 million for cryptography modernization including accelerating its tactical radio cryptographic modernization compliance timelines, and supporting the NSA’s “Raise the Bar” strategy for “cross-domain solution integration into critical combat platforms,” per the documents.

Additional money would go toward “upskilling” the workforce.

“There are funded investments to upskill our workforce to bring in software development expertise, cyber expertise within the Army, and to ensure that we’ve got people who have an understanding of the types of best practices that industry employs to help us steer and guide our efforts within the Army,” Camarillo said.

The service wants software development architects with experience in agile software development and commercial sector best practices, as well as acquisition officials educated on key topics such as agile development, cloud, data science, AI and machine learning, per the budget documents.

The post Army asking Congress for billions in 2024 to implement zero trust, cloud transition, BYOD and other digital transformation efforts appeared first on DefenseScoop.

The Department of Defense (DOD) has a diverse user population like no other organization in the world. The scope of DOD personas includes active-duty U.S. military personnel, reservists and recruits, their DOD civilian counterparts, veterans, students, and military families who all need to be able to access information in a timely and secure manner.

While identity management is often spoken about as a technology capability, we cannot overlook that we are ultimately discussing the right to security for individual users. Military personnel and their families are constantly on the move and users shouldn’t be concerned about the risks of emailing family or communicating across the globe with their comrades at arms.

DoD technology leaders need to ensure user access to trusted applications and services, and shouldn’t have their focus drawn away from the mission to solve their organizations’ identity needs. That is why Okta is a proud DOD partner, working on identity solutions for a myriad of unique use cases that can help withstand the relentless efforts by cyber threat actors to steal credentials and mount their attacks.

Tactics like phishing campaigns continue to rank high on cybersecurity reports as well-used attack methods. Recently, the security industry also began tracking a rise in credential stuffing — the use of stolen passwords from past breaches across other sites — as a trending identity attack method to steal both work and personal-use identities.

But Okta’s identity-first approach to security is an effective strategy for organizations as large and complex as the DOD to build a central line of defense in their ever-expanding IT and cloud environments.

Modernizing identity and access management across the DOD

At Okta, we continue to make great strides in how we work with our DOD partners to improve identity security. Last year Okta reached an important milestone in our DOD Impact Level 4 (IL4) conditional Provisional Authorization (PA) which verifies that Okta for US Military meets the stringent security requirements necessary for controlled unclassified information (CUI). Okta then made additional investments to host the environment on a .mil domain and restrict its use only to DOD-approved entities, an important step in our ongoing commitment to the Department.

Okta for US Military centralizes digital trust policies so both common access card (CAC) and non-CAC communities can securely access relevant resources across different platforms and devices.

We are uniquely positioned to help modernize identity security with our modern single sign-on (SSO) and multi-factor authentication (MFA) capabilities on a vendor-neutral platform that has over 7,500 integrations to support the infrastructure already implemented across DOD organizations.

Our experts work continuously on our solutions and refine these technologies so they don’t introduce more friction to the end user. And we work with our partners to select those products that will integrate with other tools already in their environment, have good connectivity, and are quick and easy to implement so we don’t risk any downtime.

Future-looking identity strategies

Identity plays a critical role in securing IT infrastructure against immediate threat concerns and future attack vectors. According to both the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Model and the DOD Zero Trust Strategy, identity and users are key pillars of zero-trust alignment.

Okta is here to support our DOD partners with a powerful suite of products and integrations that create a secure and frictionless identity environment for the end user and support their zero-trust journey. Our suite of tools enables quick integration of capabilities like SSO and MFA which exponentially increase an organization’s ability to reduce and mitigate identity-related attacks that prey on poor password management.

As a former service member of the Navy — and having witnessed the emergence and modernization of many of the application technologies our service members use today — I have personally seen how identity allows for seamless transition of users from recruit, to active duty, to veteran. These modern user experiences weren’t available to me when I was in the military, but I am excited to work on these initiatives with our DOD partners to enable these secure and seamless experiences for the next generation.

I applaud the work that DOD and government agencies are doing today, but there is still a lot that needs to be done to protect the lifecycle of identities at scale across the diverse DOD user base, and we are here to lend our expertise to that cause.

Learn more about how Okta can help your organization with their Okta for US Military.

The post How modern identity solutions fortify the U.S. military’s digital defense appeared first on DefenseScoop.