Thomas Santucci, director of the Data Center & Cloud Optimization Initiative program management office at the General Services Administration (GSA), is pointing Federal agencies to sources of expertise including CIO Council guidance and FedRAMP (Federal Risk and Authorization Management Program) as they navigate through requirements for the migration to zero trust security architectures.
Speaking on Feb. 23 at an event organized by NextGov, Santucci talked about how agencies can use existing technologies and programs on the way to creating zero trust capabilities.
“FedRAMP, I don’t know how we survive without it,” Santucci said. “It is a little laboring for the industry, to say the least. But it is creating a standard for the Federal government to meet before we can even start to deploy their applications.”
Santucci also recommended CIO Council handbook guidance on zero trust.
“The CIO Council is leading the effort, and we’re supporting it,” he said, referencing GSA. “We have a multi-agency workgroup working on it.”
“The handbook provides agencies with technically and organizationally oriented plays that describe how to adopt a zero trust model and how to create an integrated zero trust architecture leveraging existing capabilities,” said Santucci.
Part of the goal of creating the guidance, he said, is “to incorporate things that have already been established by organizations and use those rather than recreate them.”