DAFITC Recap: DoD cyber experts emphasize ZTA and RMF reform

By Ryan Nelson, Market Intelligence Manager

When it comes to cybersecurity, look for the DoD to emphasize Zero Trust Architecture (ZTA) as the branches push for reform to the Risk Management Framework (RMF), among other hot topics.

At the recent Department of the Air Force Information Technology and Cyberpower 2022 conference, increased focus on ZTA and RMF topped the list of cybersecurity concerns across the DoD. According to a panel of cybersecurity experts, other top-of-mind topics included the Cyber Security Maturity Model and the need for a better articulated policy for cybersecurity overall.

The panel brought together cybersecurity experts from across the DoD:

  • David McKeown – Deputy Chief Information Officer for Cybersecurity and the Chief Information Security Officer for Department of Defense (DoD)
  • Alvin “Tony” Plater – Director of Cybersecurity for the Department of Navy Office of Chief Information Officer (OCIO)
  • Brigadier General Jan C. Norris (USAR) – Deputy Chief Information Officer, Department of the Army Office of the Chief Information Officer (OCIO)
  • Scott M. St. Pierre – Deputy Director Enterprise Networks and Cybersecurity Department of the Navy (OPNAV N2N6D)

As mentioned at the outset, panelists generally agreed that all branches of service need to move away from perimeter security to a Zero Trust Architecture (ZTA). The panelists noted the DoD released a plan in July for Zero Trust Reference Architecture.

While some acknowledged a need for improved Defense Industrial Base (DIB) security in the DoD, and underscored the continuing importance of the Cyber Security Maturity Model, attention across the board seemed focused on the need to reform the Risk Management Framework.

RMF needs to be made more usable, panelists agreed. At the moment, it’s seen largely as a checklist, without any real guidance on how to secure the service branches’ networks.

Each panelist was asked to identify the Top 3 issues for their branch of service.

Army:

  1. ZTA and how it is aligned to the cloud,
  2. Cybersecurity reform, Risk Management Framework (RMF 2.0), governance, consolidation of Authorizing Officials, and
  3. Creating policy. The Army has no standing policy on subjects including cloud or ZTA.

Air Force:

  1. Battle Management, to include Software Defined Wide Area Networks (SDWANs),
  2. Identity, Credential and Access Management (ICAM) and processing data. The Air Force needs better guidance on how to tag data and process that data in the cloud, and
  3. Fixing RMF, with a particular emphasis on continuous monitoring.

Navy:

  1. “Cyber Readiness.” The Navy is not getting the results the department wants from the money it spends.
  2. Ensured security of the Defense Industrial Base, and
  3. Active monitoring, to better understand what/who are on the networks at any given time.

The discussion also turned to some more forward-looking topics such as AI and robotics.

There was general agreement that DoD is focused more on quantum than on AI, largely because quantum technology is seen as disruptive. While the panelists conceded that the U.S. “isn’t there yet” on either technology, they noted that no other countries are, either.

Robotic Process Automation (RPA) also emerged as a consideration. RPA is a challenge for cyber policy: For now, there’s no clear understanding as to how cyber operators will distinguish between good RPA bots and bad RPA bots.

Finally, panelists seemed to generally support the need to speed up reforms to Authority to Operate. ATOs must be included for DevSecOps.

So the roadmap is clear for the near term. If you can position your service or product offerings to support ZTA, you are well positioned for success down the road. And everyone should stay apprised of revisions and reforms to the RMF, which will provide more clues of where the government’s needs will lead.


immixGroup’s Market Intelligence team will be happy to help you identify FY23 opportunities to grow your pipeline. Contact us for more information.

Keep on top of the latest trends in public sector IT. Subscribe to immixGroup’s Government Sales Insider now.
