The Communications-Electronics Command Army Software and Innovation Center in partnership with the Warfighting Acquisition University and the C5ISR Center, has developed an artificial intelligence tool that significantly accelerates the Army's transition to a Zero Trust cybersecurity framework. This supports the Department of War’s mandate to achieve Target Level Zero Trust by Fiscal Year 2027.
Zero Trust is a cybersecurity strategy based on the idea that networks are always at risk. Instead of trusting devices within the network, it requires every user and device to be authenticated and authorized before accessing data. Rolling out this approach across all Army systems is a big challenge, but it is necessary for operational readiness.
"Many organizations know they need Zero Trust, but I believe they're overwhelmed by not knowing where to begin," said Farhat Shah, a cybersecurity subject matter expert with CECOM ASIC.
Shah discussed this challenge and its corresponding solution during the Warfighting Acquisition University event, "Operationalizing Zero Trust – Leveraging Risk Management Framework and Artificial Intelligence," held on May 13.
During the presentation, Shah explained that the team started with a five-month project to crosswalk the 91 Zero Trust activities to the thousands of Control Correlation Identifiers in the Army's Risk Management Framework. This method aligns efforts down to the CCI level, which Shah calls "critical, because CCIs are actionable, testable elements that we use during our RMF assessments." This helps system owners use their existing compliance work to check their Zero Trust status.
"Our goal is to reduce duplication of effort," Shah said. "We want to save time and resources by leveraging existing work, and most importantly, reducing risk in a manageable and sustainable way. It is about aligning strategy, governance, and technology."
The core innovation is "AI Flow," an AI environment developed by CECOM ASIC. This tool processes a system’s RMF test results and automates the analysis to generate a Zero Trust baseline profile. In a pilot assessment of the Army Food Management Information System, the AI completed the review in about five minutes, compared to a week for a human expert. The assessment found that the AI was 89% accurate.
This system works with two agents. The first agent checks for compliance. If a system is noncompliant, the second agent investigates further, identifies specific gaps, and provides clear guidance, including references to the relevant policies and required documents. This transforms a simple compliance check into a step-by-step engineering process.
With the FY 2027 deadline approaching, CECOM ASIC seeks to partner with additional system owners to expand the tool's capabilities and help them quickly assess their Zero Trust posture.
"As we continue to refine this process, we're not just improving the tool; we are shaping a repeatable and scalable approach to support Zero Trust adoption across the enterprise," said Shah. "If you are interested in advancing Zero Trust automation or want to see how this approach can benefit your organization, I invite you to partner with CECOM ASIC to evaluate and refine this process."
This integration of existing frameworks and artificial intelligence provides a scalable, data-driven roadmap, that enables the Army to secure its systems and protect its data amid evolving digital threats.
For those who missed the May 13 session, the presentation and materials are available online. Personnel in the Defense Industrial Base, academia, and IT or cyber communities can access the recording and slides to learn how the Army is advancing cybersecurity. Watch the full presentation here:/events/operationalizing-zero-trust-leveraging-rmf-and-ai?fbclid=IwY2xjawR0OkVleHRuA2FlbQIxMABicmlkETFmMnFmeXpkeU9BUlNZR1pnc3J0YwZhcHBfaWQQMjIyMDM5MTc4ODIwMDg5MgABHrnPrE4yAKGejT9zRp0UtzbduaMBPZBRKvPfKg69HEFsykykm3vSdQD_pBkA_aem_I6vE76b4vsSgo7zP1THA7w
For inquiries or collaboration, contact ASIC Cybersecurity & Electromagnetic Warfare Directorate at Usarmy.apg.asic.mbx.zero-trust@army.mil.
Social Sharing