The Defense Information Systems Agency (DISA) plays a fundamental role in ensuring that the U.S. Department of Defense (DoD) has the necessary information technology and communications support to meet its mission. Among its many initiatives, DISA’s Comply-to-Connect (C2C) is an important framework that enhances network security. In this blog, we’ll explore how DISA’s C2C approach is transformative, with simplified compliance and a centralized platform. Specifically, one that automates the discovery of endpoints, all accomplished with the use of Cisco’s Identity Services Engine (ISE).
If it’s connected, it’s protected
As Cisco’s Area Leader for Cybersecurity supporting United States National Security entities and the DoD, I have the privilege of witnessing an evolution in how our government is securing its most important information assets. I also have the distinct honor of still wearing the uniform, serving as a Lieutenant Colonel with the Army National Guard. In my military role, I serve as my Commander’s G6, or Chief Information Officer, overseeing all aspects of mission-critical information, from dissemination to transport to storage and everything in between.
Why Cisco ISE is vital
DISA’s Comply-to-Connect approach is designed to reduce vulnerabilities and improve the resilience of the DoD’s information network against increasingly sophisticated cyber threats. That’s where Cisco ISE can help. It is the industry’s most widely adopted and awarded network access control (NAC) solution, but it’s much more than that. It enables the creation and enforcement of security and access policies for endpoint devices connected to the companies’ routers and switches. Not only that, but ISE can be deployed in the cloud as well and is packed with all the same enhancements and features found in the on-premises version.
Cisco ISE is an important component in the implementation of DISA’s C2C approach. For Cisco’s Federal Customers, Cisco ISE has maintained market dominance with a platform approach to securing access that’s built in, not bolted on to the network. I encourage you to watch my brief discussion on how they’re better together:
How Cisco ISE enhances DISA’s Comply-to-Connect mandate
With Cisco ISE, our National Security & Defense teams are closing the gaps in device visibility by enabling and enhancing DoD network management and security methods. In the field, I’ve seen how Cisco ISE has assisted the Department of Defense in the following ways.
- Device Profiling: Cisco ISE excels at identifying and profiling devices attempting to access the network. It can dynamically classify endpoints into specific groups, offering granular control over network access.
- Policy Enforcement: Cisco ISE automates the enforcement of security policies, making sure that all devices comply with the necessary security requirements before they can connect to the network. This adherence to policy enforcement is critical in maintaining the integrity of DISA’s C2C approach because if these devices don’t comply, they’re not getting on the network. Simple as that.
- Threat Containment: When a threat is detected, Cisco ISE can quickly contain it by limiting network access or completely blocking the device from the network. This rapid response diminishes the catastrophes that a bad actor can cause while significantly reducing the potential damage from any security breaches.
- Continuous Monitoring: Cisco ISE continuously monitors the security posture of connected devices, ensuring that they remain compliant with the latest security updates and policies. This constant monitoring is essential for maintaining the ongoing security of the network under the C2C framework. Even after a device is let on to the network, it still gets rechecked every time to make sure that it’s safe.
- Scalability: Cisco ISE can be scaled to accommodate large, diverse networks. This scalability is essential for a large organization like the DoD, ensuring that all devices, regardless of quantity or location, can be securely managed under the C2C framework.
Meeting DoD Zero Trust mandates
Cisco ISE with Comply-to-Connect is the bridge that helps our mission-focused stakeholders meet their five-year zero-trust strategy because it’s the perfect Zero Trust policy decision point. Cisco ISE uses adaptive policies to continuously verify trust, enforce trust-based access, and quickly respond to changes in trust for resilient incident response.
As outlined in the DoD Zero Trust Strategy document,[1] adopting zero trust requires a shift from a perimeter-based model for trust to a “multi-attribute-based” model for trust using authentication and authorization that enforces least privileged access. By easily integrating into existing environments, Cisco ISE simplifies the transition to zero trust access, especially for complex and large networks like the DoD.
Conclusion
I love that I’m part of the Cisco team because Cisco’s Security solutions are an indispensable tool in our National Security and Defense arsenal against cyber threats. And with the integration of Cisco ISE with DISA’s Comply-to-Connect approach, we’re helping to provide a robust and comprehensive solution for managing network access and enhancing cybersecurity. One that’s enabling the DoD with the critical capability to profile devices, enforce policies, contain threats, and continuously monitor security compliance.
By ensuring that all devices comply with the latest security updates before accessing the network, the C2C approach is significantly bolstered by Cisco Security’s capabilities, enhancing the resilience of DISA’s information network against cyber threats.
Next steps for Comply-to-Connect success
Reference
[1] DoD Zero Trust Strategy (October 2022) – PDF