
Michael Friedrich, January 27, 2022

C2C and Zero Trust Security: The Ghosts Are Here and Zero Trust Is the Ghostbuster

Within federal government cybersecurity initiatives, Comply-to-Connect (C2C) has been a Department of Defense (DoD) directive for several years. But is C2C really a dynamic Zero Trust security principle … or just a component thereof?


2021 is going to be a year to remember, with breaches, malware infections and the outright cyber piracy of ransomware attacks reaching epic levels. You could almost close your eyes and see ghosts terrorizing the citizens of NYC like it was 1984 all over again. While this isn’t the movies and fictional ghostbusters aren’t on hand to save us, today’s cyberthreats are like the Stay Puft Marshmallow Man and Gozer the Gozerian, bent on destroying everything in their path. And one could argue that Zero Trust security principles are the proton packs and ghost traps of the modern cybersecurity era.

In all seriousness, Zero Trust security is an evolution of legacy technologies and processes, including now-obsolete VPNs (whose death we’ve repeatedly called for), service-oriented architecture (SOA) and Identity, Credential and Access Management (ICAM), to which government circles add an F for Federal to make it FICAM. And then there's the DoD's C2C initiative, which we're focusing on for this discussion.

Is C2C really dynamic Zero Trust security?

Comply-to-Connect (C2C) has been a Department of Defense (DoD) directive for several years now. It was introduced to restrict unauthorized device access and verify and enforce that patches and hardened configuration are applied and updated continually before devices connect. But is that REALLY dynamic Zero Trust security? Or just a component thereof?

Frankly, devices are just one part of the larger equation. In a true Zero Trust architecture, C2C could or would be leveraged in the initial access connection request (i.e., validation of a properly updated device) or as an ongoing entitlement request to ensure access is still proper.

While C2C is part of Zero Trust architecture, Zero Trust security is made up of many technologies and processes. It’s not something you can buy, and no single cybersecurity vendor in the federal or enterprise space can truthfully claim they have the ultimate solution. As I said in a Zero Trust Thirty podcast episode, Zero Trust starts with identity management. Without it, nothing else will happen, including C2C. If you don’t know where the users are, what devices they are using, their current state, etc., then how do you assign the proper level of trust?

Dynamic Zero Trust access is the goal and we need to keep this focus even as many new ways/use cases to leverage Zero Trust security emerge. To my federal agency colleagues, as you follow Zero Trust Executive Order and CISA mandates, I encourage you to ask hard questions of your vendors, test assumptions and make sure your use cases and technology choices can be integrated to make Zero Trust security the “threat buster” of today and tomorrow.

For more on how our Appgate Federal Division is leading the way, please visit

Additional resources:
Blog: Appgate and Rackspace Government Cloud Deliver FedRAMP-Approved Solution
Blog: Federal agencies: make a secure and scalable move to cloud with Zero Trust
Blog: Federal March To Zero Trust Security: CISA'S Guidance Focuses on Four Pillars
Infographic: 2021 Zero Trust Market Dynamics study
Webinar: Zero Trust for Critical Infrastructure
