The U.S. Department of Defense (DoD) has taken a significant step toward securing one of the world’s most expansive and sensitive networks, the Department of Defense Information Network (DoDIN), through its Comply-to-Connect (C2C) framework. DoDIN spans over 15,000 unclassified, classified, and cloud-based environments and faces close to 800 million cybersecurity incidents daily. C2C is a foundational initiative within the DoD’s zero trust journey, designed to ensure comprehensive visibility and protection of all assets—traditional and non-traditional—connected to its vast network.
By enforcing principles of zero trust, such as least privilege access, C2C identifies, authenticates, and assesses all devices and users while automating security functions like remediation and continuous monitoring. With C2C, DoD aims to transition away from checkbox-driven readiness toward a sustainable, automated approach to cybersecurity. As reflected in improved cyber readiness inspection scores and operational efficiency gains across military bases, C2C is already making a meaningful impact.
C2C isn’t just a framework—it’s a transformative shift in how the DoD defends its critical infrastructure. With cyber threats escalating globally and the increasing complexity of managing access in hybrid environments, C2C matters now more than ever. It lays the groundwork for smarter, more effective security measures aligned with zero trust principles.
As the DoD works to implement C2C, it faces numerous challenges. One pressing obstacle is the sheer scale and complexity of the DoDIN. Managing security across such an extensive enterprise network requires advanced tools capable of monitoring, automating, and securing a broad range of devices and systems—including industrial control systems, logistics platforms, and operational technologies.
Another major challenge is the rise in access-related breaches, making trusted access solutions essential. Attackers increasingly exploit encrypted traffic to hide malicious payloads, introducing additional layers of complexity.
Finally, ensuring rapid adoption of C2C under the zero trust framework demands seamless integration with existing systems, robust encryption strategies, and unified policy enforcement. Agencies must overcome these hurdles to achieve the visibility and security automation required for zero trust success.
Embracing zero trust requires a comprehensive ecosystem of solutions that address device visibility, secure access, and application protection—exactly what F5 brings to the table. By leveraging F5’s specialized capabilities, agencies can overcome the challenges of C2C implementation while maturing their cybersecurity posture across a range of potential entry points and attack surfaces.
1. Endpoints: Trusted app access with F5 BIG-IP Access Policy Manager (APM)
Access control is a critical pillar of zero trust. BIG-IP APM simplifies and centralizes access to applications, APIs, and data across cloud and on-premises environments. It offers modern authentication, single sign-on (SSO), and a consistent user experience—all within a stronger security framework powered by F5 BIG-IP Identity Aware Proxy (IAP). For federal agencies, BIG-IP APM enhances access validation by displaying custom warning banners, supporting strong credentials, and querying user attributes to enforce least privilege access.
Additionally, BIG-IP APM provides advanced client integrity checks, ensuring endpoint compliance with government security standards like the Host Based Security System (HBSS) and verifying the use of Government Furnished Equipment (GFE). This comprehensive approach enables agencies to safeguard against unauthorized access and improve endpoint security, a critical aspect of the C2C initiative.
The Identity Aware Proxy (IAP) is designed to reduce the need for VPNs by providing zero trust app access. It acts as a reverse proxy and may include browser extensions but is otherwise clientless. IAP allows you to control access at a granular level for all applications and supports both managed and unmanaged devices. This goes beyond layer 7 ACLs: it is granular control that can be integrated with outside tools to grant or deny access based on context.
IAP also bridges modern and legacy authentication methods, supporting multi-factor authentication (MFA) and SSO for classic authentication (e.g., header-based), OAuth 2.0, SAML 2.0, and FIDO2 (U2F). It provides best-in-class per-app SSL, VPN, and zero trust app access, making it a single pane of glass for managing all apps. The integration with Microsoft's compliance retrieval service (Microsoft Intune MDM) and support for Microsoft Graph API further enhance its capabilities.
2. Identity services and integration partnerships
Zero trust is rooted in identity verification, and F5 solutions seamlessly integrate with trusted providers like Microsoft, Okta, and Ping. This partnership strengthens identity services for mission-critical applications, SaaS platforms, and cloud-based services, delivering a unified and secure user experience. By bridging identity gaps across diverse environments, F5 ensures agencies maintain strong, scalable zero trust capabilities.
F5 BIG-IP integrates with leading mobile device management (MDM) and enterprise mobility management (EMM) solutions, including VMware Horizon ONE (AirWatch), Microsoft Intune, and IBM MaaS360.
For implementation, F5 provides APIs and configuration options that allow for detailed integration with these MDM platforms, ensuring that only compliant and managed devices can access corporate resources through the Identity Aware Proxy functionality. The F5 integration provides:
When integrating with MDMs like AirWatch, MaaS360, or Intune, the edge client establishes a VPN connection with BIG-IP APM, and the endpoint management system manages and sends device details to BIG-IP APM.
3. Applications: Layer 7 security for mission-critical apps
With organizations managing hundreds of applications, application-layer security is more important than ever. F5 provides advanced Web Application Firewall (WAF) solutions that protect against a range of threats, including Layer 7 distributed denial-of-service (DDoS) attacks, API attacks, and credential-based exploits. Behavioral analytics are continuously applied to ensure apps remain healthy and secure, supporting agencies’ zero trust strategies by securing mission-critical and cloud-based applications alike.
4. Network infrastructure: Securing encrypted traffic
As SSL/TLS encryption becomes the standard, malicious actors frequently leverage it to mask their attacks. To address this, F5 offers SSL visibility solutions that decrypt/encrypt traffic, eliminate blind spots, and apply policy-based orchestration across the full security chain. By securing inbound and outbound encrypted traffic, F5 enables agencies to enhance visibility while preventing threats from bypassing security controls—aligning perfectly with the goals of C2C and zero trust.
With C2C as its foundation, the DoD is making bold strides toward a zero trust ecosystem, aiming for full implementation as soon as possible. Yet, realizing the vision of zero trust requires not only diligence but also the right tools and expertise. F5 is uniquely positioned to help agencies navigate this transformative shift, offering scalable, secure solutions across endpoints, networks, and applications.
Whether defending against access-related breaches, managing encrypted traffic, or fortifying applications, F5 solutions align with the operational needs of federal agencies. By partnering with F5, agencies can overcome C2C challenges and accelerate their journey toward a resilient, zero trust environment that secures both today’s networks and tomorrow’s mission-critical systems.