The Department of the Navy’s cloud-based Microsoft Office 365 platform – dubbed Flank Speed – became the first zero trust solution to reach the Pentagon’s “target level” status last year and is now on track to achieve “advanced” zero trust compliance, with 151 of 152 required activities completed, a senior Navy tech official said today.
The DoD’s zero trust strategy, released in 2022, aims to implement a zero trust architecture across the entire department by FY 2027. The strategy outlines a comprehensive framework requiring agencies to implement 91 distinct capabilities to reach the “target level” of zero trust maturity, with an even more rigorous benchmark of 152 capabilities designated for “advanced” zero trust.
“Between now and the end of FY 2025 we’re going to be auditing our technical baselines, to get an understanding of where we’re at today,” said David Voelker, Zero Trust Architecture Lead for the Department of the Navy, who spoke today at the AFCEA TechNet Cyber conference in Baltimore.
Voelker further explained that while the zero trust goals were met and soon surpassed, that progress did not come without challenges. One of the most pervasive hurdles was the newly minted DoD zero trust standard, where “we found that many vendors simply repackaged products that failed to meet the target level requirements we needed.”
However, he noted that over the last year, industry partners have become more cooperative in demonstrating how their products map to target level zero trust. Still, Voelker emphasized that no single industry partner will have all the solutions necessary to meet the full range of activities outlined in the DoD’s zero trust standards.
“We are able to do gap analysis to determine which vendors can actually help us [meet a zero trust capability] based on our needs,” Voelker said, adding that reaching advanced zero trust has been an intensive and challenging programmatic effort.
This effort has also supported the Navy’s aggressive migration plan to transition all users to Flank Speed by FY 2027, significantly accelerating the push to create a more secure and efficient environment for collaboration across the fleet.
As part of this process, the Navy is running tests in these environments before any reconfiguration to assess the current security posture. This allows them to determine the overall value of the acquisition approach and ensure that the necessary tools are bought to meet their specific needs and enhance security.
“That is going to be a huge challenge. We have over 2,000 programs within the Department of the Navy, including the Marine Corps, that must identify what they need to buy and get it into the acquisition pipeline by the end of FY 2027,” said Voelker.