Tuesday, May 21, 2024

Comply-to-Join and Cisco ISE: Revolutionizing the Division of Protection

The Protection Info Programs Company (DISA) performs a basic function in guaranteeing that the U.S. Division of Protection (DoD) has the required data expertise and communications assist to satisfy its mission. Amongst its many initiatives, DISA’s Comply-to-Join (C2C) is an important framework that enhances community safety. On this weblog, we are going to discover how DISA’s C2C method is transformative, with simplified compliance and a centralized platform. Particularly, one which automates the invention of endpoints – all carried out with the usage of Cisco’s Id Providers Engine (ISE).

If it’s related, it’s protected

As Cisco’s Space Chief for Cybersecurity supporting United States Nationwide Safety entities and the DoD, I’ve the privilege of witnessing an evolution in how our authorities is securing its most important data property. I even have the distinct honor of nonetheless carrying the uniform, serving as a Lieutenant Colonel with the Military Nationwide Guard. In my army function, I function my Commander’s G6, or Chief Info Officer, overseeing all features of mission crucial data; from dissemination to move to storage and every thing in between.


Comply-to-connect ISE for DoD

Why Cisco ISE is crucial

DISA’s Comply-to-Join method is designed to scale back vulnerabilities and improve the resilience of the DoD’s data community towards more and more refined cyber threats. That’s the place Cisco ISE might help. It’s the business’s most generally adopted and awarded community entry and management (NAC) answer, however it’s a lot greater than that. It permits the creation and enforcement of safety and entry insurance policies for endpoint units related to the companies’ routers and switches. Not solely, that however ISE might be deployed within the cloud as nicely and is full of all the identical enhancements and options discovered within the on-premises model.

Cisco ISE is a vital part within the implementation of DISA’s C2C method. For Cisco’s Federal Clients, Cisco ISE has maintained market dominance with a platform method to securing entry that’s built-in, not bolted into the community. I encourage you to look at my transient dialogue on how they’re higher collectively (watch right here).

How Cisco ISE enhances DISA’s Comply-to-Join mandate

With Cisco ISE, our Nationwide Safety & Protection groups are closing the gaps in machine visibility by enabling and enhancing DoD community administration and safety methods. Within the area, I’ve seen how Cisco ISE has assisted the Division of Protection within the following methods.

  • Gadget Profiling: Cisco ISE excels at figuring out and profiling units trying to entry the community. It might probably dynamically classify endpoints into particular teams, providing granular management over community entry.
  • Coverage Enforcement: Cisco ISE automates the enforcement of safety insurance policies, ensuring that each one units adjust to the required safety necessities earlier than they will connect with the community. This adherence to coverage enforcement is crucial in sustaining the integrity of DISA’s C2C method as a result of if these units don’t comply, they’re not getting on the community. Easy as that.
  • Menace Containment: When a risk is detected, Cisco ISE can shortly comprise it by limiting community entry or utterly blocking the machine from the community. This fast response diminishes the catastrophes {that a} unhealthy actor can do whereas considerably lowering the potential harm from any safety breaches.
  • Steady Monitoring: Cisco ISE constantly displays the safety posture of related units, guaranteeing that they continue to be compliant with the newest safety updates and insurance policies. This fixed monitoring is important for sustaining the continuing safety of the community underneath the C2C framework. Even after a tool is let on to the community, it nonetheless will get rechecked each time to make it possible for it’s secure.
  • Scalability: Cisco ISE might be scaled to accommodate giant, various networks. This scalability is crucial for a large group just like the DoD, guaranteeing that each one units, no matter quantity or location, might be securely managed underneath the C2C framework.

Assembly DoD Zero Belief mandates

Cisco ISE with Comply-to-Join is the bridge that helps our mission targeted stakeholders meet their five-year zero-trust technique as a result of it’s the perfect Zero Belief coverage resolution level. Cisco ISE makes use of adaptive insurance policies to repeatedly confirm belief, implement trust-based entry, and shortly reply to adjustments in belief for resilient incident response.

As outlined within the DoD Zero Belief Technique doc[1], adopting zero belief requires a shift from a perimeter-based mannequin for belief to a “multi-attribute-based” mannequin for belief utilizing authentication and authorization that enforces least privileged entry. By simply integrating into present environments, Cisco ISE simplifies the transition to zero belief entry – particularly for advanced and huge networks just like the DoD.


I really like that I’m part of the Cisco group as a result of Cisco’s Safety options are an indispensable device in our Nationwide Safety and Protection arsenal towards cyber threats. And with the combination of Cisco ISE with DISA’s Comply-to-Join method, we’re serving to to offer a strong and complete answer for managing community entry and enhancing cybersecurity. One that’s enabling the DoD with the crucial functionality to profile units, implement insurance policies, comprise threats, and constantly monitor safety compliance.

By guaranteeing that each one units adjust to the newest safety updates earlier than accessing the community, the C2C method is considerably bolstered by Cisco Safety’s capabilities, enhancing the resilience of DISA’s data community towards cyber threats.

Subsequent steps for Comply-to-Join success



[1] https://dodcio.protection.gov/Portals/0/Paperwork/Library/DoD-ZTStrategy.pdf







Related Articles


Please enter your comment!
Please enter your name here

Stay Connected

- Advertisement -spot_img

Latest Articles