The Department of Defense is soliciting ideas for how artificial intelligence and machine learning capabilities can aid the Zero Trust assessment process as the deadline to achieve target levels of compliance approaches.
The Department of Defense's Zero Trust Portfolio Management Office is interested in “leveraging automation, AI, and ML to accelerate and scale,” according to a request for information posted Tuesday. [zero trust] Department-wide “evaluation”, especially “purple team evaluation”. This technology will help alleviate limitations in the Department of Defense's ability to verify initial compliance and conduct ongoing assessments, the RFI noted.
Zero Trust is a cybersecurity concept that assumes that IT networks and systems are constantly under attack by adversaries, and requires the Department of Defense to continuously monitor and authenticate users and their devices as they move within the network. The department's Zero Trust strategy requires all components of the Department of Defense to achieve a “target level” of Zero Trust by the end of fiscal year 2027.
Verifying compliance requires a combination of internal and third-party assessments. A key part of the Department of Defense's independent assessment process is a technique called purple teaming, which analyzes and tests how “red team” adversaries and “blue force” cyber defenders move and interact within IT networks.
However, officials have previously noted that implementing a comprehensive purple team formation could be a time-consuming process that could divert warfighters from other important missions.
And with deadlines approaching to achieve target levels of zero trust, meaning more solutions need to be validated through purple teaming, portfolio management offices want to see if AI capabilities can help with initial approval and future ongoing monitoring.
The agency is asking vendors to submit ideas for off-the-shelf AI/ML-enabled platforms and services that can extend Purple Teaming for Zero Trust evaluations on both non-classified and covert networks.
“These assessments evaluate the proper implementation of core Zero Trust requirements for adequacy and efficiency, while identifying limitations and non-compliance and facilitating the requirement for continuous evaluation of 91 target-level Zero Trust activities and 10 Zero Trust acceptance criteria,” the RFI states.
Interested companies are being asked to provide input on a variety of questions about how AI and automation can specifically support Purple Team processes, from how the technology can simulate realistic cyberattack scenarios to how to generate a comprehensive final assessment report and recommendations.
The Portfolio Management Office is also interested in what new AI trends are currently being researched that could impact valuations or innovative features that could enhance Purple Teaming in the future.
The deadline for submitting responses to the RFI is February 9th.
