While zero trust security has become headline news for government agencies since 2021, the Department of the Air Force has been working and learning in that space for several years and is being guided by several roadmaps that incorporate zero trust principles on a strategic level, a senior Air Force tech official said this week.
Justin Stolpman, director of the Air Force’s Zero Trust Functional Management Office, explained that since the service branch released its Zero Trust Roadmap earlier this year – which lays out seven pillars and 52 milestones – it has also published adjoining strategic roadmaps that incorporate zero trust at every level, including the Enterprise Network roadmap and the Enterprise ICAM Roadmap.
In implementing the principles laid out in all these roadmaps, Stolpman explained, the department has taken on a holistic enterprise approach.
“What can we provide at the enterprise level? What are those foundational capabilities that enable that zero trust access framework? And then taking a step back and [identifying] what requirements need to be baked into every single program that we do?” Stolpman said during an Aug. 28 webinar hosted by Red Hat and Gov Exec.
Stolpman emphasized that zero trust is not a capability that can merely be purchased. He said that as organizations begin to tackle a zero trust framework, it’s key that senior leaders understand that zero trust principles “must be baked into every single thing that you do as an organization.”
While there are foundational zero trust capabilities that organizations can deploy, like software-defined perimeters and micro-segmentation, there are a lot of other things that must be baked in at the system level to be successful, he said.
“These roadmaps all fall under that broad umbrella of zero trust, with additional identified tasks … we have been working on implementing [these] plans to get us to that 2027 target level of zero trust as it’s defined by the [Department of Defense (DoD)],” Stolpman said.
The DoD’s larger zero trust strategy – which was released in November 2022 – sees 2027 as the year the department as a whole will have a fully functional zero trust architecture. According to Stolpman, the DoD’s zero trust strategy laid down the groundwork for the Air Force to develop and implement its zero trust roadmap.
Stolpman also emphasized that implementing zero trust within the Air Force goes beyond the DoD’s 2027 goal.
“Leaders also must understand that there is no end to this journey. We’re always going to be implementing, we’re just going to be moving from different shades of green as we progress along this journey,” Stolpman said. “We’re not going to wake up in five years and say, all right, we’re done. This is going to take time and it’s going to take dedication.”
