Department of Defense information networks (DoDIN) are working to apply a Comply-to-Connect (C2C) initiative that will boost cybersecurity across DoD with future directives by the DoD CIO addressing components of the initiative.
Speaking at the New Era in DoDIN Security virtual event, Deputy Director for Cybersecurity Architecture and Capability Oversight and Team Lead for the Enterprise Cybersecurity Capabilities at DoD Carmen Santos-Logan described C2C as “an overall cybersecurity framework of tools and technologies that are fused together through the concept of security product orchestration to deliver a unified cybersecurity platform for the department network.”
C2C, Santos-Logan further described, fits into zero trust efforts and is a five-year cybersecurity program that is congressionally mandated through the FY 2017 National Defense Authorization Act and is funded through FY 2024. The Defense Information Security Agency’s are given the funds to deliver aspects of C2C as an enterprise.
“The funding is … enterprise provided within each of the components and each component will be responsible for looking at how they would deliver Comply-to-Connect in their own networked environment,” Santos Logan explained. “And I believe – for the planning of Comply-to-Connect – to understand what their switching fabric looks like because what we’re trying to do is to make sure that from a compatibility and interoperability standpoint, we have made the right investments.”
During the event, she added that next week the DoD CIO will hopefully sign a memorandum to address where 802.1x may begin to be applied based on C2C framework to make sure non-traditional devices are in the right place on the network and is up to the latest possible manufacturing configuration state.