How Zero Trust Modernized Grants Management at Justice Department
The Office of Justice Programs leveraged zero trust strategies as a pillar to modernize its grants management system.
As federal agencies hunker down on modernization efforts and cybersecurity capabilities, the Office of Justice Programs has been integrating zero trust frameworks into the modernization of its grants management system over the past few years.
The office issues grants across the Justice Department and began modernizing its grants management system in 2018. After a year of planning, OJP’s IT team saw that integrating an identity governance strategy would be a critical piece of the modernization strategy. OJP CISO Jaime Lynne Noble noted this was especially key amid all of the stakeholders who engage with the grants system.
“We have people who are external — so law enforcement, communities, governor’s offices and the like who apply for grant funding through our system,” Noble said during a NextGov event. “We have a lot of external stakeholders who are then going to have identities within our system to do what they need to do to manage their funding, apply for their funding.”
Noble added that there are also internal stakeholders who work with OJP’s grants management system, including the FBI, Justice Management Division, Executive Office of U.S. Attorneys, Criminal Division and other components of DOJ. These individuals peer review and examine solicitations to ensure that grant applicants will appropriately use their funding.
To ensure secure access for these various parties, Noble and her team started to implement an identity governance system alongside an access management system for the grants management system starting in 2019. OJP conducted a bulk of this work by partnering with the General Services Administration’s SAM.gov and Grants.gov.
“If [users] want to apply for federal funding, they already have to have an identity in SAM.gov, so we match this entity administrator with their identity in SAM,gov,” Noble said. “The person is then responsible for inviting others to be part of their external organization to manage the funds. They typically have an application submitter, they have somebody who’s in charge of the funds, and then they have somebody that’s in charge at their entity that would approve or accept the award if they are awarded funding.”
Although these recent efforts securely expand the access perimeter around OJP’s grants management, OJP was relatively remote before this one instance of modernization and therefore had some zero-trust principles weaved into its infrastructure.
OJP’s IT organization had already implemented critical modernization components like implementing a virtual desktop infrastructure and remote access to tools, applications and certain data. Noble said the nature around this work made zero trust a preexisting pillar of importance for modernization efforts like those for the grants management system.
Throughout these shifts in security strategy, Noble said her team has noted that zero trust has driven overall IT modernization.
“Zero trust is really going to enable modernization of not only security architecture, but really our IT architecture overall,” Noble said. “We moved to the cloud, maybe eight years ago now, and … when we first started, we had to route all the traffic through our trusted internet connection and the Justice Department’s trusted internet connection. Now, with zero trust, it allows us to take advantage of not only Infrastructure as a Service cloud service providers, but Platform as a Service and Software as a Service, where we couldn’t route them through those internet connections as easily.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
Looking Back at the First Trump Administration's Tech Priorities
In his first term, Donald Trump supported cybersecurity, space policy and artificial intelligence development.
4m read -
Securing the Expanding Attack Surface in Cyberspace
Agencies undergoing digital transformation face a more intricate threat landscape and a wider threat target for adversaries looking to exploit vulnerabilities. This panel dives into strategies agencies are undertaking to safeguard these complex environments, including zero-trust architecture, vigilant monitoring and robust cybersecurity training.
30m watch -
Labor CAIO Outlines Responsible and Ethical AI Priorities, Use Cases
Department of Labor Chief AI Officer Mangala Kuppa outlined how her role is shaping the agency’s artificial intelligence strategy.
20m watch -
Elevating Cybersecurity in the Intelligence Community
The Intelligence Community is developing strategies to protect data and strengthen resiliency against emerging cyber threats.
30m watch