Air Force Announces a New Enterprise IT Roadmap

In late February, Jay Bonci, the Department of the Air Force's Chief Technology Officer (CTO), announced the release of the new IT modernization plan.

According to media coverage, the roadmap lays out the 10 core areas the Air Force is planning to address over the next few years, including: zero trust architecture (ZTA); identity, credentialing and access management (ICAM); software-defined wide area networks (SDWAN); core services; hybrid and edge cloud; pathways to cloud; data fabric; and workforce automation. 

Bonci said that the comprehensive enterprise IT roadmap – as well as the separate component plans for the core areas – will be posted to the Air Force Office of Information Dominance and Chief Information Officer, or SAF/CN website.

The department has posted the first two 1-page component roadmaps – zero trust and ICAM – and plans to release plans for SDWAN and core services by May and June respectively, with hybrid and edge cloud; pathways to cloud, data fabric; and workforce automation coming later in the summer.

Air Force Zero Trust and ICAM Roadmaps

The Air Force Enterprise ZT Roadmap outlines the quarterly actions and milestones the department will pursue during fiscal years (FY) 2023 through 2025 and beyond to modernize Air Force IT services and capabilities from its current state to its future state, addressing applications, networks, devices, continuous monitoring, policy, users, and data. Anticipated effects include enhanced cyber readiness and resilience and more robust risk-based authentication and authorization capacities.

Bonci described zero trust as “the 800-pound gorilla,” due to the complexity and scope of the challenge, but that ZT is achievable. However, Bonci noted that the Air Force is “not going to go and buy a zero-trust solution and drop it on top. It's going to be a lot of iterative motion for how to get there.”

In a similar fashion, the Air Force ICAM Roadmap portrays the department’s quarterly FY 2023-2025+ objectives to modernize its ICAM capabilities across user classes, systems, delivery mechanisms (e.g. cloud and edge computing), and networks (NIPR, SIPR, etc.). Services and strategic areas encompassed by the plan include functional and centralized-IT privileged access management (PAM), dynamic access management, single identity provider (IdP), identity data services, group management, attribute management, credential lifecycle management, federated credentials, and enterprise access management for deployed users in contested environments.

In FY 2023 the department will focus on building the foundational enterprise infrastructure and onboarding applications to support greater ICAM capacity and to address Financial Improvement and Audit Readiness (FIAR) priorities. FY 2024 efforts will focus on ICAM system migration, application adoption and deployed access. The target end-state between FY 2025 and FY 2028 is a unified enterprise ICAM solution and supporting systems that support dynamic access capabilities, while transitioning the department to more convenient, automated, and auditable risk-based and behavior-based dynamic access capabilities.

Waiting for the Overall Air Force IT Roadmap

At the time of this publishing, the Air Force has yet to post an overall Enterprise IT Roadmap document to the SAF/CN website. In addition to the ICAM and ZT component roadmaps noted above, the site does provide links to the September 2022 CIO Public Strategy for FY 2023 – FY 2028 and the six corresponding strategic Lines of Effort (LOEs).

The SAF/CN website also provides links to submit meeting requests to engage with the department or to submit feedback on the various roadmaps. During his remarks, Bonci encouraged industry to engage with the department and offer potential solutions.

It is unclear when the Air Force’s full enterprise IT roadmap will be release publicly. On the same day that Bonci was announcing the new roadmap, Air Force Chief Information Officer (CIO) Lauren Knausenberger announced that she will depart from the job in June, after holding the position since 2020. Hopefully, we will not have to wait until then to see the comprehensive roadmap.