Software Engineering Institute

Update, August 25, 2022—The SEI today announced that John Kindervag, senior vice president, cybersecurity strategy, at ON2IT and creator of the zero trust model will deliver a keynote presentation at Zero Trust Industry Days.

Pittsburgh, August 15, 2022—The Software Engineering Institute (SEI) at Carnegie Mellon University is hosting Zero Trust Industry Days to share information on zero trust cybersecurity architectures in government settings. Selected providers who develop solutions for implementing a zero trust architecture will present proposals to help government agencies form a zero trust implementation that meets their mission goals, budget, and time frame at the hybrid event, which will be held August 30-31 virtually and at the SEI in Pittsburgh.

At Zero Trust Industry Days, presenters will offer proposed solutions in response to a scenario of a federal agency with finite resources needing to implement a zero trust architecture within an operating environment that includes a hybrid computing environment, multiple technology types, hybrid data storage, and a distributed, remote workforce. Proposals will focus on how agencies can comply with Office of Management and Budget (OMB) memoranda M-22-09 and M-21-31, which focus on federal cybersecurity measures.

Presenting organizations include Zscaler, Cyolo, InstaSafe, Illumio, Cimcor, 1Kosmos, Appgate, iboss, Zentera Systems, and Ericom Software. The day’s events also include panel discussions on further research needs; a keynote presentation by CERT Division director and former U.S. government CISO Greg Touhill; and wrap up sessions with audience Q&A. The public will be invited to participate virtually.

Implementing a zero trust architecture that meets OMB requirements in highly regulated domains, such as the federal government, is difficult, said Tim Morrow, the SEI’s technical manager of situational awareness. “Typically, commercial vendors focus on one, maybe two of the high-level concepts for zero trust,” said Morrow. “This event will provide an opportunity for selected organizations to provide a more comprehensive approach to help these agencies.”

The zero trust security model moves away from the risks associated with perimeter-based security by requiring authentication and authorization of every subject, asset, and workflow within an organization’s information technology network or system. The approach is a set of organizational practices, not a piece of technology. A zero trust architecture is an enterprise cybersecurity plan that incorporates zero trust tenets into components specified by the National Institute of Standards and Technology (NIST) Special Publication 800-207.

By hosting Zero Trust Industry Days, the SEI aims to gather, analyze, and share foundational information as it formalizes guidance on effective zero trust implementations.

For more information or to register, visit https://www.eventbrite.com/e/zero-trust-industry-days-2022-tickets-381929018977, or email info@sei.cmu.edu.