Zero Trust Helps Federal Agencies Move Software to Production Faster

Federal IT officials are leveraging zero trust to accelerate software deployment and secure emerging, information and operational technology.

Marine Corps Community Services (MCCS) Chief Digital Business Officer Dave Raley said adopting zero trust principles helped the War Department and MCCS speed up software acquisition and deployment from months to minutes.

“Without putting in the foundation of zero trust, creating and delivering faster acquisition cycles would not be possible,” Raley said Tuesday at GovCIO Media & Research’s Zero Trust Forum in Arlington, Virginia. “We have to collapse [that timeline] because it can’t be 18 months of process for compliance to get an authorization to operate (ATO) up.”

The emphasis on zero trust reflects both policy mandates and operational necessity. In June 2025, President Trump signed a new cybersecurity executive order that directed agencies to prioritize zero trust architectures and implement advanced threat detection. The order also requires agencies to update cybersecurity frameworks and streamline post-quantum computing (PQC) and AI cybersecurity initiatives.

World Wide Technology Strategic Advisor Ramon Thomas said applying zero trust principles can help keep systems secure as agencies introduce AI to their technology stacks. “Technology does not stop and it continues to evolve,” Thomas said, urging agencies to leverage zero trust frameworks as they adopt new systems.

To effectively apply those frameworks, agencies first need to inventory critical data, user access and devices, said the National Institute of Standards and Technology’s National Cybersecurity Center of Excellence (NCCoE) Technical Lead Parisa Grayeli. This inventory helps agencies better understand their existing cybersecurity infrastructure.

“If you don’t know what you have, you don’t know how to secure it,” said Grayeli. “You need to put it all together by looking at it end to end, and make sure the integrations work.”

Agencies must inventory not only IT systems and their data and vulnerabilities, but also operational technology devices, Navy Installations Command Enterprise Information Officer Shery Thomas said, noting that the growing number of IT and OT systems on naval bases — from port operations to building elevators — has expanded the number of attack vectors that must be secured.

“When you have the concatenation of all this data, it quickly elevates impact levels,” said Thomas. “With AI on top of that data … I need to see the end to end path.”