GSA stresses agencies align IPv6 and zero-trust plans ahead of next week’s deadline
The General Services Administration continues to stress that agencies align their IPv6 and zero-trust architecture implementation plans, ahead of the deadline for the latter next week.
Zero-trust architectures should be protocol agnostic, and plans should ensure there aren’t any gaps in the cybersecurity products used, said Tom Santucci, director of IT modernization within the Office of Governmentwide Policy, at an ATARC event Tuesday.
GSA‘s main concern is that agencies also crafting their IPv6 implementation plans, due before the end of fiscal 2021, will end up undertaking duplicative work if the two plans aren’t coordinated.
“Those two should coincide with each other,” Santucci said.
President Biden‘s cybersecurity executive order issued May 12 gave agencies 60 days to develop their zero-trust plans, with an emphasis on accelerating the purchase of secure cloud services.
Agency cloud adoption strategies require planning at the C-suite level, and the Data Center Optimization Initiative that Santucci oversees developed a Cloud Smart guide to help. The guide advises agencies to evaluate their people, processes and tools, followed by the business value of cloud migration.
Examining cloud procurement and acquisition strategies is also important.
“One of the things we find is that people aren’t buying it right or aren’t using it right,” Santucci said.
Agencies will need to evolve cloud automation and monitoring tools over time and share information among their offices and teams because it’s often “amazing” how much one may know about how a modernization effort is going that the others don’t, he added.
