Comply to Connect (C2C)

Comply-to-Connect, or C2C, is the Department of Defense’s next major step forward in network security for all networks comprising the Department of Defense Information Network (DoDIN) at both the non-classified and classified levels.

ACES was chosen to develop a prototype C2C solution and to demonstrate its effectiveness for the Office of the Secretary of Defense (OSD), Deputy CIO, under a Rapid Innovation Funding (RIF) effort. After ACES successfully demonstrated our C2C solution, the Defense Information Systems Agency (DISA) chose the core technologies we used as the foundation for the entire DoD C2C initiative, a security framework to provide the highest level of assurance for authentication, authorization, compliance assessment and automated remediation of devices connecting to the DoD information network (DoDIN).

The ACES management team flawlessly integrated with the DoD CIO team… ACES remained customer-oriented and exceeded government reporting objectives for the contract… The contractor aptly and exceptionally performed for the duration of the contract period of performance.

Office of Secretary of Defense

Chief Information Officer

The quality of workmanship and technical deliverables remains impeccable. They successfully completed all hardware installations of over 120 separate devices globally, ahead of scheduled time and supported reduced timelines imposed by the Government. The technical content provided has set the standard for other Information Technology (IT) programs and projects.

Marine Corps Systems Command

Program Manager

ACES was knowledgeable and poised to provide expert insight and guidance on both technical and political implementation barriers. The team showed integrity throughout the process and worked within our changing IT framework and process hurdles to achieve our desired outcome of an increased security posture. The value of the ACES team extended beyond design and implementation as they provided training to all interested parties.

Marine Corps Systems Command

Team Lead Systems Engineer

C2C is a program that delivers capabilities to accomplish two primary goals:

  • First, C2C fills existing capability gaps in currently fielded enterprise security solutions through complete device identification, device and user authentication, and security compliance assessment.
  • Second, C2C automates routine security administrative functions, remediation of noncompliant devices and incident response through the integration of multiple management and security products and continuous monitoring.

C2C - Visibility Across the DoDIN

Alamo City Engineering Services (ACES) engineers are the pioneers of C2C, with federal awards spanning the DoD, from OSD to the United States Marine Corps (USMC). We are the foremost experts in the deployment and implementation of Forescout’s C2C & Continuous Monitoring (CM) as a Managed Service. From C2C to Zero Trust, we continue to enhance our ACES C2C application to support our customers’ DoD and cyber requirements, proactively reduce time/risk, and significantly increase device and user visibility.

ACES Delivers C2C

Among DoD officials, device visibility is a recognized shortcoming in the agency’s long-term network management and security strategies. C2C is rectifying this by providing tools that discover and categorize every connecting device, running them through inspection layers that assess devices and users against security policies, and authorizing connection only when compliant. C2C also orchestrates remediation actions taken against noncompliant devices to bring them into compliance and authorize their connection. It then continuously monitors all connected devices to ensure they remain compliant and secure.

Comply to Connect Steps

The ACES C2C solution delivers a unified, extensible, interoperable platform that offers:

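  • Step 1: Continuous Discovery & Identification
  • Step 2: Live Interrogation
  • Step 3: Auto-Remediation
  • Step 4: Authorizing Connection / Segmentation
  • Step 5: Orchestration for Full Situational Awareness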

Continuous Discovery & Identification

C2C discovers and identifies devices as they connect to the network. C2C identifies the devices using attributes such as device manufacturer, operating system, switch port connection, and more.

This information allows C2C to identify the device and understand its configuration. C2C then groups the device with similar devices so that actions can take place later in the process.

Live Interrogation

Once the ACES C2C platform has discovered and identified the device, it interrogates the device. Interrogation includes assessing STIG/SCAP compliance, confirming that the device has been vulnerability scanned recently, and checking patch compliance, prohibited software, and more.

After the ACES C2C platform ensures the device is compliant, it may connect. Additional post-connect security controls can then be assessed for compliance.

Auto-Remediation

The ACES C2C solution automatically remediates noncompliant devices against pre/post-connect compliance policy checks. The remediation policies are extremely flexible and include:
  • Reinstall or start agents
  • Run vulnerability scans
  • Install or restart patch management software
  • Report or remove unauthorized software
  • Report or block external devices
  • Other defined customer automation policies

Authorizing Connection / Segmentation

Building on the data collected in the previous phases, the ACES C2C solution provides the granular access controls that serve as the foundation for a Zero Trust environment.

The ACES C2C solution can mitigate cross-domain violations, prevent the connection of spoofed devices, monitor OT/PIT/IoT/ICS/SCADA systems for unusual patterns, and continuously monitor connected devices.

Orchestration for Full Situational Awareness

The ACES C2C solution enables automatic and continuous enforcement of security policies. The visibility gained from the ACES C2C solution can be extended to other tools in the DoDIN to further automate workflows and accelerate response actions.

ACES defined the 5-step C2C process and developed the solution the DoD later adopted organization-wide. There is no organization in a better position to understand the C2C process and the steps involved, as well as to implement it successfully. ACES has the Forescout Certified Engineers (FSCE) and the subject matter expertise, with experience designing and delivering C2C and Continuous Monitoring to the DoD. ACES brings a customer-focused integrity to deliver C2C from deployment through Orchestration.

The ACES-delivered C2C solution provides:

  • Continuous discovery, monitoring and reporting of traditional and non-traditional endpoints.
  • Security process transformation, to include automating security functions and sharing information across cybersecurity and management tools to optimize security, reduce risk to the Department of Defense (DoD) mission and meet the goals of the DoD Digital Modernization Strategy.
  • Security product orchestration, to include the use of policy-based control capabilities to increase the effectiveness of defensive cyber operations while reducing reliance on manual activities to perform routine administrative functions required to maximize security investments on DoD networked assets.
