SEI Invites Proposals for Zero Trust Industry Day
• Article
June 17, 2022—The SEI is seeking volunteers to share information on zero trust cybersecurity architectures in government settings. Selected vendors, research organizations, and other solution providers will present zero trust architecture proposals at SEI Zero Trust Industry Day. The hybrid event will be held August 30-31 virtually and at the SEI in Pittsburgh. Providers should submit their initial thoughts on proposed solutions, along with a summary of their zero trust experience, online by July 8 to be considered.
SEI Zero Trust Industry Day is a request-for-information exercise. The SEI plans to select up to 12 providers to present proposed solutions in response to a scenario of a federal agency with finite resources needing to implement a zero trust architecture. The notional agency’s operating environment includes a hybrid computing environment, multiple technology types, hybrid data storage, and a distributed, remote workforce. Proposals should focus on how agencies can comply with Office of Management and Budget (OMB) memoranda M-22-09 and M-21-31, which focus on federal cybersecurity measures.
Implementing a zero trust architecture that meets OMB requirements in highly regulated domains, such as the federal government, is difficult, according to Tim Morrow, the SEI’s technical manager of situational awareness. “Typically, commercial vendors focus on one, maybe two of the high-level concepts for zero trust,” said Morrow. “This event will provide an opportunity for selected organizations to provide a more comprehensive approach to help these agencies.”
Selected speakers will deliver 30-minute proposal presentations. The event will also feature panel discussions and keynote addresses from government, industry, and research leaders, as well as a Q&A session. The public will be invited to participate virtually.
The zero trust security model moves away from the risks associated with perimeter-based security by requiring authentication and authorization of every subject, asset, and workflow within an organization’s information technology network or system. The approach is a set of organizational practices, not a piece of technology. A zero trust architecture is an enterprise cybersecurity plan that incorporates zero trust tenets into components specified by the National Institute of Standards and Technology (NIST) Special Publication 800-207.
By hosting Zero Trust Industry Day, the SEI aims to gather, analyze, and share foundational information as it formalizes guidance on effective zero trust implementations. The selected solution providers will have the opportunity to present a comprehensive, realistic approach to zero trust and address government challenges in complying with the OMB memoranda.
Organizations seeking to present at SEI Zero Trust Industry Day in August must submit their initial ideas for a proposed zero trust implementation, as well as their background in the field, online by July 8. Selected solution providers will then be given 30 days and additional scenario details to develop a more complete proposal, including a presentation and artifacts. For more information, read the event flyer or email info@sei.cmu.edu.
