Bridging Identity Governance and Dynamic Access: The Anatomy of a Contextual and Dynamic Access Policy

As organizations adapt to increasingly complex IT ecosystems, traditional static access policies fail to meet modern security demands. This blog instance continues to explore how identity attributes, and governance controls impact contextual and dynamic access policies—as highlighted previous articles; Governing Identity Attributes in a Contextual and Dynamic Access Control Environment and SailPoint Identity Security The foundation of DoD ICAM and Zero Trust, it examines the role of identity governance controls, such as role-based access (dynamic or policy-based), lifecycle management, and separation of duties, as the foundation for real-time decision-making and compliance. Together, these approaches not only mitigate evolving threats but also align with critical standards like NIST SP 800-207, NIST CSF, and DHS CISA recommendations, enabling secure, adaptive, and scalable access ecosystems. Discover how this integration empowers organizations to achieve zero-trust principles, enhance operational resilience, and maintain regulatory compliance in an era of dynamic threats.

Authors Note: While I referenced the DoD instruction and guidance, the examples in the document can be applied to the NIST Cybersecurity Framework, and NIST SP 800-53 controls as well. My next article with speak specifically to the applicability of the DHS CDM MUR and future proposed DEFEND capabilities.


Defining Contextual and Dynamic Access Policies

Contextual and dynamic access policies adapt access decisions based on real-time inputs, including user identity, device security posture, behavioral patterns, and environmental risks. By focusing on current context rather than static attributes, these policies mitigate risks such as over-provisioning or unauthorized access.

Key Features:

  • Contextual Awareness: Evaluates real-time signals such as login frequency, device encryption status, geolocation, and threat intelligence.
  • Dynamic Decision-Making: Enforces least-privilege access dynamically and incorporates risk-based authentication (e.g., triggering MFA only under high-risk scenarios).
  • Identity Governance Integration: Leverages governance structures to align access with roles, responsibilities, and compliance standards.

The Role of Identity Governance Controls

Identity governance forms the backbone of effective contextual and dynamic access policies by providing the structure needed for secure access management. Core components include:

SailPoint Bridging Identity Governance Blog Embedded Image
  • Role-Based Access Control (RBAC), Dynamic/Policy-based: Defines roles and associated entitlements to reduce excessive or inappropriate access.
  • Access Reviews: Ensures periodic validation of user access rights, aligning with business needs and compliance mandates.
  • Separation of Duties (SoD): Prevents conflicts of interest by limiting excessive control over critical processes.
  • Lifecycle Management: Automates the provisioning and de-provisioning of access rights as roles change.
  • Policy Framework: Establishes clear baselines for determining who can access what resources under specific conditions.

Balancing Runtime Evaluation and Governance Controls

While governance controls establish structured, policy-driven access frameworks, runtime evaluations add the flexibility to adapt to real-time risks. Together, they create a layered security approach:

  • Baseline Governance: Sets foundational access rights using role-based policies and lifecycle management.
  • Dynamic Contextualization: Enhances governance by factoring in real-time conditions to ensure access decisions reflect current risk levels.
  • Feedback Loops: Insights from runtime evaluations inform and refine governance policies over time.

Benefits of Integration

By combining governance controls with contextual access policies, organizations achieve:

  • Enhanced security through continuous evaluation and dynamic risk mitigation.
  • Improved compliance with regulatory frameworks like GDPR, HIPAA, and NIST standards.
  • Operational efficiency by automating access reviews and reducing administrative overhead.

The integration of contextual and dynamic access policies with identity governance controls addresses the dual needs of flexibility and security in modern cybersecurity strategies. By combining structured governance with real-time adaptability, organizations can mitigate risks, ensure compliance, and achieve a proactive security posture that aligns with evolving business needs and regulatory demands. This layered approach represents the future of access management in a rapidly changing digital environment.


To learn more about how SailPoint can support your organization’s efforts within identity governance, cybersecurity and Zero Trust, view our resource, “The Anatomy of a Contextual and Dynamic Access Policy.”


Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

Governing Identity Attributes in a Contextual and Dynamic Access Control Environment

In the rapidly evolving landscape of cybersecurity, federal agencies, the Department of Defense (DoD), and critical infrastructure sectors face unique challenges in governing identity attributes within dynamic and contextual access control environments. The Department of Defense Instruction 8520.04, Identity Authentication for Information Systems, underscores the importance of identity governance in establishing trust and managing access across DoD systems. In parallel, the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency (DHS CISA) guidance and the National Institute of Standards and Technology (NIST) frameworks further emphasize the critical need for secure and adaptive access controls in safeguarding critical infrastructure and federal systems.

This article examines the governance of identity attributes in this complex environment, linking these practices to Attribute-Based Access Control (ABAC) and Role-Based Access Control (RBAC) models. It highlights how adherence to DoD 8520.04, CISA’s Zero Trust Maturity Model, and NIST guidelines enable organizations to maintain the accuracy, security, and provenance of identity attributes. These efforts are particularly crucial for critical infrastructure, where the ability to dynamically evaluate and protect access can prevent disruptions to essential services and minimize security risks. By integrating these principles, organizations not only achieve regulatory compliance but also strengthen their defense against evolving threats, ensuring the resilience of national security systems and vital infrastructure.

SailPoint Governing Identity Attributes Blog Embedded Image 2025

Importance of Governing Identity Attributes

Dynamic Access Control

In a dynamic access control environment (Zero Trust), access decisions are made based on real-time evaluation of identity attributes and contextual information. Identity governance plays a pivotal role in ensuring that these attributes are accurate, up-to-date, and relevant. Effective identity governance facilitates:

  • Real-time Access Decisions: By maintaining a comprehensive and current view of identity attributes, organizations can make informed and timely access decisions, ensuring that users have appropriate access rights based on their roles, responsibilities, and the context of their access request.
  • Adaptive Security: Identity governance enables adaptive security measures that can dynamically adjust access controls in response to changing risk levels, user behaviors, and environmental conditions.

Attribute Provenance

Attribute provenance refers to the history and origin of identity attributes. Understanding the provenance of attributes is critical for ensuring their reliability and trustworthiness. Identity governance supports attribute provenance by:

  • Tracking Attribute Sources: Implementing mechanisms to track the origins of identity attributes, including the systems and processes involved in their creation and modification.
  • Ensuring Data Integrity: Establishing validation and verification processes to ensure the integrity and accuracy of identity attributes over time.

Attribute Protection

Protecting identity attributes from unauthorized access, alteration, or misuse is fundamental to maintaining a secure access control environment. Identity governance enhances attribute protection through:

  • Access Controls: Implementing stringent access controls to limit who can view, modify, or manage identity attributes.
  • Encryption and Masking: Utilizing encryption and data masking techniques to protect sensitive identity attributes both at rest and in transit.
  • Monitoring and Auditing: Continuously monitoring and auditing access to identity attributes to detect and respond to any suspicious activities or policy violations.

Attribute Effectiveness

The effectiveness of identity attributes in supporting access control decisions is contingent upon their relevance, accuracy, and granularity. Identity governance ensures attribute effectiveness by:

  • Regular Reviews and Updates: Conducting periodic reviews and updates of identity attributes to align with evolving business needs, regulatory requirements, and security policies.
  • Feedback Mechanisms: Establishing feedback mechanisms to assess the effectiveness of identity attributes in real-world access control scenarios and make necessary adjustments.

Risks Associated with ABAC and RBAC

ABAC Risks

ABAC relies on the evaluation of attributes to make access control decisions. While ABAC offers flexibility and granularity, it also presents several risks:

  • Complexity: The complexity of managing a large number of attributes and policies can lead to misconfigurations and errors, potentially resulting in unauthorized access or access denials.
  • Scalability: As the number of attributes and policies grows, the scalability of the ABAC system can be challenged, affecting performance and responsiveness.
  • Attribute Quality: The effectiveness of ABAC is heavily dependent on the quality of the attributes. Inaccurate, outdated, or incomplete attributes can compromise access control decisions.

RBAC Risks

RBAC assigns access rights based on predefined roles. While RBAC simplifies access management, it also has inherent risks:

  • Role Explosion: The proliferation of roles to accommodate varying access needs can lead to role explosion, complicating role management and increasing administrative overhead.
  • Stale Roles: Over time, roles may become stale or misaligned with current job functions, leading to over-privileged or under-privileged access.
  • Inflexibility: RBAC may lack the flexibility to handle dynamic and context-specific access requirements, limiting its effectiveness in modern, agile environments.

Importance to a Zero Trust Model

The Zero Trust model is predicated on the principle of “never trust, always verify,” emphasizing continuous verification of identity and context for access decisions. Governing identity attributes is integral to the Zero Trust model for several reasons:

  • Continuous Verification: Accurate and reliable identity attributes are essential for continuous verification processes that dynamically assess access requests in real-time.
  • Context-Aware Security: By governing identity attributes, organizations can implement context-aware security measures that consider a wide range of factors, including user behavior, device health, and network conditions.
  • Minimizing Attack Surface: Effective governance of identity attributes helps minimize the attack surface by ensuring that access rights are tightly controlled and aligned with current security policies and threat landscapes.

Governing identity attributes is a cornerstone of modern access control strategies, particularly within the dynamic and contextual environments that characterize today’s IT ecosystems. By supporting dynamic access, ensuring attribute provenance, protection, and effectiveness, and addressing the risks associated with ABAC and RBAC, identity governance enhances the security and efficiency of access control mechanisms. In the context of a Zero Trust model, the rigorous governance of identity attributes is indispensable for maintaining robust and adaptive security postures, ultimately contributing to the resilience and integrity of organizational systems and data.

To learn more about SailPoint’s cybersecurity capabilities and how it can support mission-critical DoD initiatives, view our technology solutions portfolio. Additionally, check out our other blog highlighting the latest insights into “The Role of Identity Governance in the Implementation of DoD Instruction 8520.04”.

Carahsoft Technology Corp. is The Trusted Government IT Solutions Provider, supporting Public Sector organizations across Federal, State and Local Government agencies and Education and Healthcare markets. As the Master Government Aggregator for our vendor partners, including SailPoint, we deliver solutions for Geospatial, Cybersecurity, MultiCloud, DevSecOps, Artificial Intelligence, Customer Experience and Engagement, Open Source and more. Working with resellers, systems integrators and consultants, our sales and marketing teams provide industry leading IT products, services and training through hundreds of contract vehicles. Explore the Carahsoft Blog to learn more about the latest trends in Government technology markets and solutions, as well as Carahsoft’s ecosystem of partner thought-leaders.

The Role of Identity Governance in the Implementation of DoD Instruction 8520.04

On September 3, 2024, The Department of Defense (DoD) released Instruction 8520.04, titled “Access Management for DoD Information Systems,” that serves as a foundational policy guiding the secure and efficient management of access to DoD information systems. The instruction mandates protocols for managing access across various environments, including military networks and systems used by both person entities (PEs) and non-person entities (NPEs) such as devices, applications, and automated processes. At the core of this policy is the principle of identity governance, which is essential for ensuring that access to sensitive systems and data is granted, monitored, and revoked based on verified identity attributes and defined security policies.

In the dynamic cybersecurity landscape, the concept of identity governance refers to the frameworks and processes that manage the lifecycle of digital identities. This includes the creation, management, and deletion of user accounts as well as the provisioning and de-provisioning of access rights based on a combination of user attributes, roles, and organizational policies. Identity governance is critical for compliance with the DoD’s Zero Trust Architecture, as outlined in the DoD Zero Trust Strategy. It emphasizes least privilege, continuous verification, and dynamic access control, all of which are key components of DoD Instruction 8520.04​.

The policy serves as maturation of the departments ICAM initiatives over the past few years and highlights some key concepts that need to be adopted across the departments ecosystem. Here are some key examples of how identity governance aligns with and strengthens this policy:

1. Access Control and Provisioning

One of the primary elements of identity governance is the effective provisioning and de-provisioning of access. This aligns with Section 4 of DoD Instruction 8520.04, which mandates that access to systems be carefully controlled through explicit or dynamic mechanisms. Explicit access involves manually provisioning access rights to specific users, which must be meticulously documented and approved by system or resource owners. On the other hand, dynamic access relies on real-time attribute verification to grant or deny access based on the most current information available, such as the user’s role, location, or security clearance​.

SailPoint Identity Governance for the DoD Blog Embedded Image 2024

Identity governance solutions play a crucial role in these processes by automating provisioning and de-provisioning based on predefined policies. When a user’s role changes or they leave the organization, governance systems automatically adjust access rights, ensuring compliance with de-provisioning requirements. This automatic adjustment helps prevent orphaned accounts—user accounts that are no longer needed or authorized—which can pose serious security risks if left unmanaged.

2. Authoritative Attribute Services

DoD Instruction 8520.04 emphasizes the importance of authoritative attribute services (AAS) in maintaining the accuracy, integrity, and security of identity attributes used in dynamic access decisions. Identity governance frameworks are designed to integrate with these authoritative services, ensuring that identity attributes such as security clearance levels, employment status, and role-based entitlements are accurate and up-to-date. This enables the DoD to enforce dynamic access control based on real-time identity data​.

For example, a DoD system that relies on dynamic access might check a user’s current security clearance, job function, or location in real time before granting access to a sensitive file or system, or assign a critical role. These checks are enabled by robust identity governance systems that pull data from authoritative attribute services and apply organizational policies to ensure that access is only granted to those who are fully authorized and meet the predefined criteria.

3. Least Privilege and Separation of Duties (SoD)

The concept of least privilege—granting users the minimum level of access necessary to perform their duties—is another foundational principle of both identity governance and DoD Instruction 8520.04. In Section 4.2 of the instruction, system and IT resource owners are required to document and implement explicit access policies that adhere to least privilege standards. Furthermore, systems must implement SoD controls to prevent a single user from having conflicting roles, such as both creating and approving financial transactions​.

Identity governance frameworks are uniquely equipped to manage SoD by automating the assignment of roles and enforcing policies that prevent users from being granted conflicting privileges. Governance solutions continuously monitor user access and provide alerts if SoD violations occur. By integrating these capabilities with the DoD’s access management protocols, identity governance helps ensure that users cannot escalate their privileges or circumvent access controls, thereby reducing the risk of insider threats and security breaches.

4. Continuous Auditing and Compliance

Continuous auditing and monitoring of user access is a critical requirement under DoD Instruction 8520.04, particularly for privileged users. Identity governance solutions enable DoD components to implement robust audit trails that track every access request, change in privileges, and system interaction. This is particularly important for IT privileged users—those with elevated access to critical systems and sensitive data—who require enhanced monitoring to detect and respond to suspicious activity​.

Through the use of identity governance tools, DoD organizations can enforce periodic access reviews, as mandated by the instruction, to ensure that users only have the access they need and that privileged access is justified and properly documented. These reviews are automated and documented within governance systems, reducing the manual workload on administrators and enhancing the overall security posture by ensuring compliance with regulatory requirements.

5. Integration with Zero Trust Architecture

The DoD Zero Trust Strategy emphasizes the need for continuous verification of users and devices as they request access to systems and data, rather than assuming trust based on their presence inside the network perimeter. Identity governance systems are integral to the implementation of Zero Trust principles within the DoD, as they enable real-time verification of identity attributes and ensure that access is granted only after all conditions are met​.

For instance, an identity governance system might check not only a user’s identity but also their security status, the network they are using, and the time of the access request before enabling access to sensitive data. This multi-layered approach to access control ensures that even if one security measure is compromised, others are in place to protect critical resources.

In Conclusion

Identity governance is a foundational element of the DoD’s efforts to secure access to information systems under DoD Instruction 8520.04. By providing a structured approach to managing digital identities, provisioning access, enforcing least privilege and separation of duties, and maintaining continuous auditing and compliance, identity governance systems enable the DoD to meet the stringent security requirements laid out in the instruction. Furthermore, identity governance is a critical enabler of the DoD’s shift toward a Zero Trust Architecture, ensuring that access to sensitive systems is dynamically controlled based on real-time identity attributes and organizational policies.

As cyber threats continue to evolve, the integration of identity governance with access management protocols like those found in DoD Instruction 8520.04 will be crucial in maintaining the security and integrity of the DoD’s information systems and the data they protect.

For a details of how SailPoint Identity Security supports the departments current ICAM and Zero Trust initiatives, and specifically how the capabilities of the platform align with the requirements of the policy, please download the report here.

The Evolution of Technology in the Defense Industry at DoDIIS

Innovation in Government benefits the changing and growing needs of the nation, and the Department of Defense (DoD) leads the way in both innovation and security. The Department of Defense Intelligence Information System (DoDIIS) is a conference for the nation’s top military and technology specialists to share insights revolving around the show’s theme – ‘Chaos to Clarity: Leveraging Emerging Technologies.’ Fed Gov Today joined Carahsoft on the show floor to discuss IT and OT updates, artificial intelligence (AI) and machine learning (ML) and priority technology updates with military thought leaders.

Departmental Shift to Information Technology

Carahsoft DoDIIS Defense Recap Blog 2023 Embedded Image 2024The DoD aims to refresh technology and standardize user experience across the department as a response to employee feedback. These standards are partially inspired by Zero Trust models and codifying existing standards. Through the implementation of office management and hiring defense digital service experts, agencies will update hardware and endpoints, refresh outdated technology and enhance overall IT capabilities. Executing these standards will require time and financial resources, and to properly utilize all acquired resources, a new generation of industry professionals will need to be onboarded. By building off effective processes from previous initiatives and hiring new talent that is optimally suited for these processes, the department can make strides in software such as cloud computing, generative AI and Zero Trust. The introduction of the Joint Operational Edge Cloud (JOEC) is also critical in accelerating cloud computing for combat tactical edge usage during the interim shifts in technology. At record speeds, the DoD must move from hardware defined enterprise towards modifying software.

AI Evolution

While AI is in its infancy, prototypes show a promising and interesting future where machines are trained to complete work. With more than 1,200 AI applications across civilian agencies, and various similarities and differences in the way AI is used by Government and commercial agencies, there is a lot the Federal sphere can learn from commercial agencies. In the private sector, companies tend to build back-end architecture for AI, providing fast access to all data. The Federal Government can optimize this plan by automating AI/ML to gain tactical advantage against machine adversaries. AI can also aid in predicting component failure. This helps agencies get hardware and software back on track as soon as possible, as well as help with mission planning. The private sector offers a myriad of ideas the Government can leverage for efficiency, such as AI in healthcare, sustainable energy and creative component and finance management.

DIA Initiatives

The Defense Intelligence Agency (DIA), a service provider on behalf of the defense industry, has a comprehensive IT strategy made up of five key priorities:

  1. Among both classified and unclassified networks, the DoD should implement top secret connection.
  2. With the transition to working from home, employers must enable workplace inclusivity through technology, especially for employees with disabilities.
  3. Enable workers to access data applications from one fully integrated place by consolidating network systems, such as desktop environments.
  4. As internally shared information becomes more complex, the DIA must update technology to strengthen intelligence sharing.
  5. Authorize worldwide connectivity for the Joint Worldwide Intelligence Communications System (JWICS), the DoD’s house for sensitive information. This means a reliable and secure connection regardless of environment and its proximity to data centers.

By maintaining pace with world class technology such as the cloud and AI, the DoD will lead the nation in secure communication and strategies.

Check our more resources, interviews and highlights from the event floor at DoDIIS at FedGovToday.com.

Mobilizing Law Enforcement Agencies Through Technology and Security Innovations at IACP 2023

Law enforcement professionals provide a crucial function in society. By leveraging modern technology advancements, agencies can achieve that quality of service and keep the American people safe from ongoing threats. The International Association of Chiefs of Police (IACP) Annual Conference and Exposition 2023 offered law enforcement agencies and security professionals the opportunity to learn from experts in the top fields, develop partnerships and get access to technologies that will aid in navigating the current landscape.

Securing Sensitive Law Enforcement Data 

A reoccurring challenge for law enforcement is an increase in ransomware attacks against them. Agencies reported a significant jump in attacks in the last two years, from 34% of departments reporting a ransomware hack in 2021, to nearly 69% in 2023. The average ransomware payment increased 500% in 2023 to over $1 million and over 25% of these attacks began with a phishing or malicious email. To combat this, agencies and departments must strengthen their cybersecurity postures and align with the NIST Cybersecurity Framework. Speakers at IACP provided five themes of questions agencies should ask to evaluate their cyber readiness: 

  1. Identify: Is our agency able to find weak spots, prioritize our response to them and track them? Have we done asset management, risk assessments and supply chain risk management? 
  2. Protect: Is our “front door” locked? Are we taking proactive measures to protect our data today? Have we implemented identity and access management (IAM), awareness and training and overall data security procedures? 
  3. Detect: Can we tell when something goes wrong? Can we identify issues confidently and quickly in the case of an anomaly? 
  4. Respond: How do we respond when bad things happen? Have we instituted clear communication, analysis, mitigation and response planning? 
  5. Recover: Are we ready to recover and learn from an incident and make the necessary changes to ensure it does not happen again? 

Carahsoft IACP 2023 Law Enforcement Tradeshow Recap Blog Embedded Image 2024Addressing these questions and acting on them means committing to fostering a culture of security and secure best practices. There are many technologies that can aid in this endeavor including artificial intelligence (AI) Ops, which assesses system patterns and behaviors to identify and surface anomalies; IAM, which provides an extra layer of authentication through biometrics and contextual authorization; and cloud and virtual environments, which agencies can employ in combination with infrastructure-as-a-service to enhance security. 

The Federal Bureau of Investigation (FBI) Criminal Justice Information Services (CJIS) has released two new updates to its security policy, Versions 5.9.1 and 5.9.2, based on the key pillars of data confidentiality, integrity and availability. These policies now require initial security training for personnel who need access to Department of Justice (DOJ) materials as well as the completion of yearly training for the extent of their access time. In conjunction with these policies are key technologies to safeguard data such as IAM, multi-factor authentication (MFA), system monitoring and others. Employing these solutions and safety measures boost community trust in law enforcement and the security of digital evidence. CJIS policies also reiterate to law enforcement officers the importance of doing their due diligence in securing both the data and their vital tools that otherwise could be rendered obsolete in the event of an attack. The Cybersecurity and Infrastructure Security Agency (CISA) has dedicated funding for state agencies to help with this endeavor of protecting the LE cyber space. 

Rising Innovative Technologies for Law Enforcement Agencies 

Implementation of body worn cameras (BWC) has been a growing initiative for law enforcement (LE) agencies for the last several years. With the Bureau of Justice Assistance’s Body Worn Camera Policy and Implementation Program (BWCPIP) more departments are able to receive grant funding and training for BWCs allowing more widespread usage of the technology especially in small, rural or tribal LE agencies. So far, this program has provided over $180 million in funding towards this effort. To support these BWC data advancements and further the technology benefits, LE agencies are looking for cloud storage and organization solutions, interoperability for data sharing, AI algorithms to efficiently tag videos and analytics software to pull relevant insights. 

AI in the law enforcement field also provides many other time saving benefits including automating some procedures and everyday tasks like report writing. Before implementing AI, agencies must audit their current processes to assess the specific use cases and preemptively address any challenges. Establishing guidelines for AI usage by law enforcement, not only assists internally with governance and accountability, but also helps build public trust by delineating the technology capabilities. 

Drones are another up-and-coming technology displaying value across public safety and emergency response. In the aftermath of Hurricane Ian in 2022, LE agencies deployed unmanned aircraft systems (UAS) and, through these drones, were able to conduct situation assessments, wide area searches, mapping of critical roadways to expedite the movement of resources and more. This UAS teaming approach has increased the speed and efficiency of first responders, as well as the ability to easily share the information with other agencies. 

 

Whether it is body worn cameras and drones, or AI, cloud and other solutions, security must be baked into the technology and operational processes. As partners in this current landscape, every party involved both in law enforcement and industry has the responsibility to educate themselves and maximize collaboration and the technologies available to continue to make the United States a safe place.  

To learn more about Carahsoft’s Law Enforcement Technology Solutions, visit our vertical portfolio and start your journey to enabling a safer tomorrow. 

 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at the IACP Annual Conference and Exposition 2023.*

Revolutionizing Communication with 5G

As technology progresses, communication is revolutionized worldwide. To maintain pace with cybersecurity and technology standards, the United States Government can utilize the transformative features of 5G, the fifth-generation global wireless technology standard for cellular networks.

Transforming Network Standards with O-RAN

With the development of Open Radio Access Networks (O-RAN,) a feature that allows interoperability between cellular network equipment providers, the development and integration of 5G has greatly expanded. The role of O-RAN has important applications in the Department of Defense (DoD), whose goal is to promote national and economic security. By integrating 5G networks into the defense sector, different departments can quickly communicate with each other. With the usage of O-RAN and 5G combined, agencies have a much larger, diverse ecosystem of vendors to choose from.

As with any new feature, there are costs to the implementation process. In the 2021 National Defense Authorization Act, Congress put aside $1.5 billion dollars which is being utilized to develop a unified vision and strategy towards O-RAN and 5G. The congressional statutory language calls out seven big-picture objectives, most of which are centered around promoting the deployment of 5G. These are to:

  1. Add network virtualization
  2. Authorize new security features
  3. Accelerate the development of technology
  4. Promoting the deployment of 5G within the DoD
  5. Develop standards to enable a multi-vendor ecosystem
  6. Create open, interoperable telecommunication networks
  7. Allow interoperability to manage multi-vendor situations

While the act provides ten years to carry out its strategy, these standards should be added as soon as possible due to the fast-paced development of technology.

Aiding the DoD

Carahsoft 5G Summit Recap Blog Embedded Image 2023The DoD and 5G form a mutually beneficial relationship. 5G is created with security built in, so an investment in 5G is an investment in cybersecurity. By utilizing 5G at bases, the DoD can test its capabilities, as well as streamline and amplify the effectiveness of non-combat operations. This can include supply chain efficiency, large scale IoT networks, asset tracking and logistics management all while reducing costs. In return, the DoD tests and further funds 5G. The addition of 5G can provide lower mission costs, enhanced speed and provide higher quality operations. It also factors in risk reduction to each operation, by taking the cumbersome human process out of the equation and making certain operations less complex.

For the DoD, the key motivations in testing and using 5G are threefold. One, it aims to achieve streamlined and functioning interoperability, where individuals can handle operations from a single tablet. Two, it aims to reduce the amount of manual handling in operations. Since 5G has the latency to compute such artificial intelligence (AI) and machine learning (ML) capabilities, it can perform time consuming tasks such as perimeter security. And three, the usage of 5G allows the DoD to gather data about 5G to utilize predictive analytics in the future.

The Future of 5G

There is more that 5G can do for military applications. With the advantage of 5G, there may be a paradigm shift in the usage of private wireless and on-demand communication. One of the biggest advancements of using 5G in a military context is the flexibility that comes with 5G being cloud native. 5G provides more capacity than traditional Wi-Fi or hotspots as it focuses on transport networks. With 5G, international communication could be streamlined, as frequency coordination between departments and consumers would no longer be required. 5G comes with the benefits of mobile edge computing and being O-RAN compliant, meaning it is up to Federal standards. This could even be helpful in residential rural and remote environments, where internet and satellite access is limited. There have been tests across various United States bases, aiming to utilize ML to tailor 5G to each user’s needs. To get these features, consistent testing is vital, even if it is not immediately profitable.

With all the changes to the way combatants use technology, it is important to enable the military to integrate 5G operations. By codifying new strategies and usage methods, agencies can reference, read and follow through with new procurements. With the addition of 5G, communication within the DoD and nation can be revolutionized in nearly unimaginable ways.

 

Visit Carahsoft’s 5G technology solutions portfolio to learn more about Carahsoft’s 5G Summit event and how we, along with our partners, can leverage the best and most reliable services to support your organization’s 5G mission.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at Carahsoft’s annual 5G Conference.*

Transitioning Towards a Sustainable Healthcare Mindset at DHITS 2023

Since the Defense Health Agency (DHA) oversees the entire military health system, it knows how important it is for members of the military and their doctors to be able to access medical records quickly and universally. In August 2023, the DHA hosted the Defense Health Information Technology Symposium (DHITS) where military health system (MHS) stakeholders discussed its newest asset– the Military Health System (MHS) Genesis. With the creation of this universal health record database, military members’ health records can easily be accessed, whether they are active-duty or not. Currently being rolled out in waves, the MHS Genesis plans to expand health records accessibility between different military branches.

Benefits from MHS Genesis

While still new, the MHS Genesis already shows improvements in several areas which include:

  • Enterprise and Cultural Interoperability: Some doctors may have different views or standards than others. This universal system makes patient files easily accessible to any doctor, regardless of military branch or practice. Now, the IT systems and Electronic Health Records (EHR) work together seamlessly. Different military branches will be able to use the same uniform system when it comes to accessing patient files and records, making the job easier for both patients and doctors.
  • Patient-Centric Care: With the MHS Genesis technology enhancements, it is now easier than ever to meet patients at their home on a Tuesday through telehealth. Telehealth is especially important within the military to give patients flexibility in choosing appointments as well as requesting information or gaining access to their medical records.
  • System and Process Automation: Medical professionals struggle with the global constraint of time. The MHS enables providers to automate tasks, saving time on things like paperwork and allowing for more one-on-one patient care.

Carahsoft Healthcare at DHITS Tradeshow Blog Embedded Image 2023Next Steps for the MHS

Currently, the entire DoD is at an 86% implementation rate for the MHS Genesis. It is actively being used in all DHA locations in the U.S. with plans to incorporate the universal health record system into the remaining treatment facilities outside of the United States by the end of 2023.

As leaders within the MHS continue their journey into modernization and sustainability, it is important that they equip people with the right knowledge and skills to be able to deliver their future vision of what military medicine should look like. The number one purpose of this emerging technology is to ensure the medical readiness of the military. The MHS Genesis will help guarantee that this stays a top priority, as it creates better access to information and helps deliver that information to the decision makers. Using Artificial Intelligence (AI) in medical settings is an exciting development that will help with diagnosing, personal assistants, risk analysis, forecasting and more. Through AI support, doctors will be able to spend more time on their patients and less time on large amounts of paperwork.

While the implementation of the MHS Genesis has been a success, all branches of the DoD must continue to communicate and collaborate openly and effectively. They must also involve other stakeholders by breaking down data silos and sharing freely what does and does not work in an enterprise setting. This will ultimately help with addressing public health challenges, ethically using AI in a medical setting, cybersecurity and more.

The MHS journey coincides with changing the deployment approach to a “sustainment” mentality. A sustainment mindset involves focusing on:

  • Optimization of user experience: Seeking feedback and continuing to adjust the technology to enhance user experience
  • Scalability: Scaling the success and implementing the changes across the enterprise if success is found with one configuration setup
  • Standardization: Creating a standard vocabulary and process for enterprise usage, so people communicate with the same terminology across the MHS

At the end of the day, the most important thing is that patients receive the care they need. Through the MHS Genesis and the IT solutions discussed at DHITS, the MHS hopes to greatly boost patient experiences, increase trust in the military health system, reduce healthcare provider burnout and give patients and clinicians access to data in real-time.

 

Visit Carahsoft’s Department of Defense and Healthcare solutions portfolios to learn more about DHITS 2023 and how Carahsoft can support your organization in these critical marketplaces.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DHITS 2023.*

Generative AI, DevSecOps and Cybersecurity Highlighted for the Air Force and Space Force at DAFITC 2023

Thousands of Space Force and Air Force personnel and industry experts convened to discuss the most current and significant threats confronting global networks and national defense at the 2023 Department of the Air Force Information Technology and Cyberpower Education & Training (DAFITC) Event. Throughout the many educational sessions, thought leaders presented a myriad of topics such as artificial intelligence (AI), DevSecOps solutions and cybersecurity strategies to collaborate on the advancement of public safety.

Leveraging Generative AI in the DoD

At the event, experts outlined three distinct use cases for simplified generative artificial intelligence in military training.

  • Text to Text: This type of generative AI takes inputted text and outputs written content in a different format. Text to Text is associated with tasks such as content creation, summarization, evaluation, prediction and coding.
  • Text to Audio: Text to Audio AI can enhance accessibility and inclusion by creating audio content from written materials to support elearning and education and facilitate language translation.
  • Text to Video: Text to Video AI is primarily geared towards generating video content from a script to aid the military with language learning and training initiatives.

Dr. Lynne Graves, representative of the Department of the Air Force Chief Data and Artificial Intelligence Office (CDAO), provided attendees with a brief timeline of how the USAF will fully adopt artificial intelligence. The overarching aim for AI integration is to make it an integral part of everyday training, exercises and operations within the Department of Defense (DoD).

  • In FY23, the DoD is focusing on pipeline assessment. Using red teaming where ethical hackers run simulations to identify weaknesses in the system, internal military personnel target improvement of their infrastructure and mitigation of the vulnerabilities in the different stages of the pipeline.
  • In FY24, the emphasis will be on the Red Force Migration policy, which involves developing, funding and scaling the necessary strategies.
  • In FY25, the goal is for the department to become AI-ready. This entails preparing for AI adoption at all agency levels, establishing a standard model card that explains context for the model’s intended use and other important information, creating a comprehensive repository of data and implementing tools for extensive testing, evaluation and verification.

Carahsoft AI, Cybersecurity, DevSecOps at DAFITC Tradeshow Blog Embedded Image 2023USSF Supra Coders Utilize DevSecOps for Innovation

The current operations of United States Space Force (USSF) Supra Coders involve a range of activities that combine modeling, simulation and expertise in replicating threats. These operations are conducted globally, and currently include orbit-related activities, replication of DA ASAT (Direct Ascent Anti-Satellite) capabilities and the reproduction of adversarial Space Domain Awareness (SDA).

The USSF Supra Coders have encountered limitations with software solutions, including restrictions tied to standalone systems, licensing structures with associated costs and limited adaptability to meet the specific needs of aggressors and USSF requirements. DevSecOps presents a multifaceted strategy for mitigating the identified capability gaps noted by the USSF Supra Coders. It can help create more effective and efficient software solutions through seamless integration of security protocols, streamlining system integration processes, optimizing costs and enhancing customizability.

Cybersecurity Within the Space Force

Cybersecurity is a shared responsibility across the DoD but is especially relevant for the U.S. Space Force. As a relatively newly emerging branch of the military, the Space Force is still developing its cyber strategies. Due to its completely virtual link to its capabilities, the USSF must prioritize secure practices from the outset and make informed decisions to protect its networks and data.

Currently, the Space Force is engaged in the initial phases of pre-mission analysis for its cyber component which serves as a critical element for establishing and maintaining infrastructure through the integration of command and control (C2). These cyber capabilities encounter a series of complex challenges, which necessitate a multifaceted approach including the following solutions:

  • Enforcing Consistent Cybersecurity Compliance
  • Developing Secure Methods to Safely Retire Old Technology
  • Enhancing Cryptography Visibility
  • Understanding Security Certificate Complexity
  • Identifying Vulnerabilities and Mitigating Unknown Cyber Risks

While the Space Force faces a uniquely heightened imperative to bolster its cybersecurity capabilities with its inherent reliance on information technology and networks in the space domain, the entire community must collaborate effectively to achieve military leaders’ targeted cybersecurity capabilities by the goal in 2027.

The integration of generative AI in military training, innovations through DevSecOps by the USSF Supra Coders and cybersecurity initiatives of the Space Force collectively highlight the evolving landscape of advanced technologies within the Department of Defense. Technology providers can come alongside the military to support these efforts with new solutions that enhance the DoD’s capabilities and security.

 

Visit Carahsoft’s Department of Defense market and DevSecOps vertical solutions portfolios to learn more about DAFITC 2023 and how Carahsoft can support your organization in these critical areas. 

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at DAFITC 2023.*

Returning to the Heart of Customer Experience: A Government for the People

At Carahsoft’s annual Government Customer Experience and Engagement Summit hosted in June, experts from industry and Federal, State, and Local Government came together to discuss stewardship, innovation and paths forward in customer experience (CX). At the one-day event, the thought-provoking sessions examined trends regarding two main themes in the CX journey: culture and technology. The culture track explored ideas for effective leadership, understanding and supporting employees and the importance of diversity, equity and inclusion. The technology track considered goals within IT modernization, artificial intelligence and automation and the digitization of services. This blog series highlights lessons learned from the 2023 Summit and unpacks strategies for achieving excellence in Government CX and engagement.

The Big Picture of Customer Experience

During the opening keynote session, President of GovExec360, Troy Schneider, held a discussion with Barbara Morton, Deputy Chief Veterans Experience Officer, Veterans Experience Office (VEO) at the Department of Veterans Affairs (VA), emphasizing the importance of accessibility and accountability in service delivery. Morton said that purpose is at the heart of customer experiences. Whether they are in the government or supporting from the outside, public servants must consider the barriers along with the opportunities that foster trust, serve the greater common purpose and create excellence in CX. In the Public Sector, CX establishes how constituents engage with civic services. By transforming CX, the public sector can build and progress toward greater trust with those it serves.

Carahsoft Customer Experience Engagement Summit Part 1 Blog Embedded Image 2023Great CX starts with an organizational understanding that building and sustaining trust matters. With that agreement in mind, organizations can better support the mission of delivering efficient CX by learning and adapting to the needs of people they are serving. Agencies should provide visibility to customers on the timeliness and process of their requests, as well as deliver on their promises to foster trust and assurance of reliability. Using human-centered design throughout all stages of CX is also essential for understanding the human perspective and anticipating customer needs. As data is collected throughout the human-centric design approach, organizations gain actionable insights that help them create the best tangible solutions for customer challenges.

Use Case: The Department of Veterans Affairs

Government agencies and organizations must focus on traditional operational measures, and the VA ensures it takes another step forward to evaluate experience-based metrics and treat these insights as co-equal when it comes to agency performance. Morton said that action drivers like executive orders and Office of Management and Budget’s (OMB) efforts are significant authorities in the transformation of Government CX to continuously progress toward access equitability and efficiency. With their guidance, agencies must agree on the top priorities for service delivery and then incorporate the human-centered design aspect. For example, the VA examines women and tribal veteran’s experiences to ensure it can translate those insights into meaningful and applicable products so those groups feel better understood when interacting with the VA. Additionally, in a digitally driven world, organizations must provide experiences with easy-to-navigate accessibility. Each agency should have a clear homepage or “digital front door” that customers know how and when to access.

Lasting Progress for Lasting Change

In the government, CX can make a measurable difference in the lives of individuals or families going through significant life changes, such as a natural disaster or medical crises as an active or retired veteran. Open source technology that intersects with the government at Federal, State and Local levels can achieve economies of scope and scale, and the improvement of financial savings proportionate to goods produced. The addition of effective CX technology allows government agencies to provide more assistance to more people, having a profound impact in their lives.

 

Check back soon to read the rest of Carahsoft’s insights from CX industry thought leaders at the summit.

 

To learn more about the latest in the CX landscape and how Carahsoft’s industry-leading partners can support your Customer Experience initiatives, please visit our resource hub to access all on-demand recordings and information from the 2023 Government Customer Experience and Engagement Summit.

Insights from SOF Week 2023

By maintaining effective collaboration and innovation, the U.S. furthers its quality defense. This year’s SOF Week conference was held May 8-11 in Tampa, Florida. Organized by the Global Special Operations Forces Foundation (GSOF) and the United States Special Operations Command (USSOCOM), the event offered attendees an exhibition hall and extensive networking and educational programming to discuss advanced physical and digital security measures within defense operations.

The Importance of People

The Marine Forces Special Operations Command is initiating a new program called Cognitive Raider. This initiative’s goal is to operate parallel to the Marine Corps by making a difference on the battlefield through a robust workforce. There are several traits the Cognitive Raider initiative is looking for in applicants. Individuals must be prepared to secure assets against adversaries and be able to operate, not only as an individual, but also as a part of a team. Other vital traits are professionalism, dependability and modesty in relation to their achievements. The Marine Forces deliberately select candidates who display character and are prepared to learn special skills that build the organization up for success.

As the military aims to advance along with the dynamic evolution of technology, they must prepare for significant and unpredictable changes. Agencies may need to repurpose existing technology and investments to gain results in new areas that were previously considered low priority projects.

Carahsoft SOF Week Recap Blog Embedded Image 2023Artificial Intelligence Driving Innovation

In the digital age, and in the U.S. specifically, the economic ecosystem is digitally connected. This makes cybersecurity vital to every part of daily life. Bad actors can utilize AI’s abilities to hack software before defensive tools have been put in place; however, there are ways to mitigate these challenges.

AI technology drives efficient capability by improving agency understanding of technology and by accelerating decision-making. While humans can only make a few decisions a minute, AI can make hundreds of thousands of precise calculations and execute accordingly. This makes AI helpful in performing penetration tests to identify security weakness for offensive cyber operations. In finding these weaknesses, agencies can get ahead in the cybersecurity battle against threats.

Innovation in U.S. Central Command

Innovation is a vital part of the national defense sphere, and emerging technology can be leveraged to drive agency growth. This means employees must be properly prepared to use new software. To achieve this, agencies need to implement mechanisms and processes that encourage employees to enact change.

Team collaboration can help agencies reach grounded conclusions. Having tech partners is vital, as agencies can swap information on their respective expertise to help each other accomplish their goals and optimize processes. Schuyler Moore, the Chief Technology Officer for U.S. Central Command said she collaborates with other team members “…consistently to scan and ask folks about what processes are working, and what good ideas [they] have that might improve on how we do things.”

To best support timely tech updates and modernization, agencies should begin by shifting the organizational structure to create new pipelines and entities to sustain long-term innovation. In addition, agencies should prioritize projects in correlation with the shifting agency needs. By utilizing recurring exercises and group conversations, organizations can coordinate employee efforts and set expectations on priorities and goals.

Collaboration around new technology drives important innovation for national security. By facilitating the sharing of these ideas, SOF Week has spurred on new defense developments and shared knowledge.

 

To learn more about the topics discussed at SOF Week, view Francis Rose’s full Fed Gov Today episode co-sponsored by Carahsoft.

*The information contained in this blog has been written based off the thought-leadership discussions presented by speakers at SOF Week 2023.*