For more than two decades, Comply-to-Connect (C2C) has been a stated goal across the Department of Defense (DoD). The idea is simple: before a system, device, or user connects to the network, it must be verified as secure and compliant. In practice, however, C2C has been anything but simple. Early approaches relied on fragmented network access control (NAC) tools, point-in-time compliance checks, and manual processes that couldn't keep pace with evolving threats or complex federal environments. 

These legacy solutions often created operational disruptions, false positives, and visibility gaps, while doing little to address insider risks or the reality of a global defense supply chain. C2C was treated as an access control problem rather than a continuous trust verification challenge. Today, that paradigm is shifting. By combining Zscaler's Zero Trust Exchange with CimTrak's real-time integrity monitoring and assurance, agencies can finally achieve the promise of C2C: continuous verification of system trust tied directly to secure access. 


Quick Summary

After decades of stalled progress, Comply-to-Connect is finally operationally achievable. By implementing CimTrak's integrity assurance with Zscaler's Zero Trust access, federal agencies and the DoD can continuously verify trust, dynamically enforce security, and simplify compliance, all without disrupting mission operations. 

The result is more than meeting a mandate. It's delivering the resilient, secure, and verifiable digital foundation the DoD has long sought, and doing so in a way that's practical, automated, and ready for today's mission demands. 


Zscaler and CimTrak Integration

 

Zero Trust and the C2C Connection

The federal government has made Zero Trust adoption a top priority, as reflected in executive mandates and the DoD Zero Trust Strategy. Agencies are progressing unevenly along this journey, but most face two consistent challenges:

  1. Continuous Integrity Verification Gaps — They can secure access but lack the ability to continuously validate the integrity of systems once connected. 
  2. Siloed Visibility — Most tools only provide partial views of compliance, limited to either access or endpoint posture. 

Cimcor's CimTrak Integrity Suite and Zscaler align in the face of these challenges. Zscaler delivers policy-based, least-privileged access through its Zero Trust Exchange, ensuring the right users and devices connect securely to the right resources. CimTrak complements this by continuously verifying that systems remain uncompromised, whether in on-prem, cloud, or OT/IoT environments, providing the system integrity assurance that Zero Trust requires. 

 

CimTrak and Zscaler for Zero Trust Tenets

 

Why Integrity Monitoring Matters

Zero Trust operates on the principle of "never trust, always verify." But verification is meaningless if the system itself has been misconfigured, compromised, or altered in a way that is not expected or authorized. This is why integrity monitoring is called out in Tenet #5 in NIST 800-207 and required as a part of a Zero Trust Strategy (ZTS).

 

CimTrak and Zscaler for Integrity Monitoring

CimTrak continuously monitors critical files, configurations, applications, and baselines against DISA STIGs and other secure configurations. It detects unauthorized changes in real time, provides automated rollback to known good states (i.e., baselines), and prevents configuration and compliance drift. When integrated with Zscaler, unauthorized changes immediately trigger access control responses. The Zero Trust Exchange can dynamically restrict or block access until the issue is remediated, preventing lateral movement or exploitation. 

This tight loop between detection, verification, and enforcement transforms C2C from a theoretical framework into an operational capability. 

 

Closing the Gaps in DoD Zero Trust Overlays

The DoD’s Zero Trust Strategy overlays are prescriptive, focusing on visibility, automation, and continuous verification. The integration between CimTrak and Zscaler directly addresses these:

  • Visibility – Continuous monitoring across hybrid, cloud, and operational technology.
  • Automation – Real-time response to unauthorized changes through automated rollback and Zscaler’s dynamic access enforcement.
  • Continuous Verification – Persistent integrity assurance that systems remain compliant, not just at login, but throughout the session and lifecycle.

CimTrak also provides the verifiable evidence the DoD requires for reporting and audit, easing the compliance burden while strengthening mission readiness and operational execution.

The DoD Zero Trust Capabilities Roadmap defines 152 capabilities mapped to NIST SP 800-53 controls across seven pillars (User, Device, Network/Environment, Application/Workload, Data, Visibility & Analytics, and Automation & Orchestration). Each capability is tied to specific controls that the DoD must implement, with a subset marked as “target controls”—the minimum required to achieve DoD’s Zero Trust baseline. The overlays provide a prescriptive, standardized mapping so that agencies can align their architectures, tools, and reporting to a consistent set of security outcomes. In practice, they turn Zero Trust from a broad framework into an actionable, measurable compliance roadmap for federal and DoD environments and support the effort of C2C.

The following depicts where Zscaler and CimTrak technologies align and intersect with the DoD’s Zero Trust Capabilities.

DoD Zero Trust Capabilities

 

DoD Zero Trust Activity Alignment

 

Strengthening Defense Against Advanced Threats

Sophisticated adversaries and insider threats can and will bypass traditional detection tools. This integration delivers a layered defense:

  • Advanced Persistent Threats (APTs) – When malware evades traditional detection methodologies, any unauthorized file or configuration change is instantly flagged by CimTrak, with Zscaler enforcing access restrictions.
  • Insider Threats – Integrity assurance detects suspicious and unauthorized changes from trusted users, while Zscaler ensures access is limited by policy.
  • Continuous Trust Verification – Unlike legacy NAC, verification doesn’t stop once a device connects. Zscaler and CimTrak deliver real-time, session-based validation that adapts to continuous and ongoing risks.

 

Simplifying Compliance and Operations

Compliance reporting has long been a pain point for agencies. CimTrak and Zscaler together reduce this burden by:

  • Automating evidence collection for audits and inspections.
  • Mapping to DISA STIGs, NIST frameworks, and DoD Zero Trust overlays, ensuring agencies can demonstrate alignment.
  • Providing unified visibility across environments, reducing the need for multiple tool deployments and manual reporting effort.

For agencies with limited resources, this is as much about operational efficiency as it is about security.

 

Looking Ahead: Automation, AI, and Future Integration

Automation and AI are accelerating the Zero Trust journey. In the future, this partnership will leverage machine learning to predict and prevent configuration drift, identify anomalous changes before they become incidents, and further reduce false positives.

Agencies should also be aware that while AI brings efficiency, it introduces new risks, such as model manipulation or over-reliance on automation without human oversight. The CimTrak/Zscaler approach balances automation with verifiable integrity assurance, ensuring humans remain in the loop where and when needed.

Looking forward, Cimcor and Zscaler are expanding integrations to provide deeper compliance mappings, enhanced operational tools, and greater automation, helping agencies achieve and sustain Comply-to-Connect at scale.


Tags:
Zero Trust
Post by Mark Allers
September 11, 2025
Mark is the VP of Business Development at Cimcor and is responsible for driving the strategic focus and alignment with industry initiatives and partnerships. Mark has held executive management positions at six enterprise software companies and one venture capital firm over the past two decades.
