Criterion Systems at NLIT 2021

A proven Department of Energy prime contractor

A proven Department of Energy (DOE) prime contractor, Criterion is committed to protecting and securing our nation’s resources and national security interests through innovative cybersecurity and IT solutions.

We are happy to once again be sponsoring the NLIT Summit in 2021 and are preparing a panel on the Department of Energy (DOE) Zero Trust Reference Architecture to take place later this year.

Zero Trust

Panel at NLIT: Department of Energy (DOE) Zero Trust Reference Architecture

Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from status, network-based perimeters to focus on data, assets, applications, and services (DAAS). Zero Trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the Internet) or based on asset ownership (enterprise or personally owned).” Zero Trust requires designing a simpler and more secure architecture without impeding operations or compromising security. The classic perimeter/defense-in-depth cybersecurity strategy repeatedly shows to have limited value against well-resourced adversaries and is an ineffective approach to address insider threats. For example, Zero Trust is designed to protect modern digital environments by leveraging network segmentation, preventing lateral movement, adding layer 7 threat prevention, and simplifying user access control.


  • Will DOE’s next generation cybersecurity architecture become data centric and based upon Zero Trust principles?
  • Will National Laboratories/Management and Operating (M&O) strategies include Zero Trust as part of creating a more secure, coordinated, seamless, transparent, and cost-effective IT architecture that transforms data into actionable information and ensures dependable mission execution in the face of a persistent cyber threat?
  • Will Zero Trust be used to re-prioritize and integrate existing DOE capabilities and resources, while maintaining availability and minimizing temporal delays in authentication mechanisms?

Criterion’s Zero Trust Approach

Criterion’s Zero Trust Approach assumes that an attacker is ever present within an environment. As such, our approach is an enterprise reference architecture that is based on drastically reducing the size of implicit trust zones while adding granular access rules and opportunities to enforce these rules. This is achieved by expanding the number of policy decision and enforcement points across key areas of the defense-in-depth model and leveraging both new and existing cyber capabilities to challenge subject and data movement. This approach will more effectively mitigate the risk of successful data breaches and limit internal lateral movement as a result of internal compromise. Our approach is also effective across any type of system boundary, whether it is on-premise, hybrid, or native cloud.

IT Modernization

Panel at NLIT: IT Lessons Learned and Modernization During the COVID-19 Crisis

October 13, 1:00 – 1:30 p.m. EDT


  • Rocky Campione, CIO, U.S. Department of Energy
  • Wayne Jones, Associate Administrator for Information Management and CIO, National Nuclear Security Administration (NNSA), U.S. Department of Energy
  • Roger Stone, Deputy Assistant to the President and Director of White House Information Technology


  • Bob Heckman, CIO, Criterion Systems, Inc.

IT’s response to the pandemic has highlighted the technologies, strategies and culture necessary to drive success going forward. The health crisis has dramatically changed the way IT departments provide services to their organizations. That includes supporting the massive shift to a work-from-home model that few could have fathomed a few months ago. But the crisis has also highlighted the importance of investing in modernization and the need for Agencies to develop, update, improve and implement their IT modernization plans. In June 2020, Sen. Maggie Hassan, D-N.H., sent letters to 10 major federal agencies asking what each is doing to modernize aging IT systems, as issues with legacy systems have been exacerbated by the COVID-19 crisis. This panel will share some lessons learned and discuss some of the challenges and promised benefits of IT modernization.


  • Organizational agility begins with culture
  • Remote work is now a fact of life — and supporting it requires structure
  • The cloud and virtualization have become even more critical
  • Organizations need flexible software platforms and strategies
  • Simplification and standardization are vital
  • A people-centric approach to IT security is necessary
  • AI and machine learning can be game changers
    Technology innovation can be contagious

Criterion’s IT Modernization Approach

Criterion’s Agile IT modernization approach is designed to modernize agency infrastructure in a repeatable, scalable manner based on best practices identified by industry and internal government stakeholders. Using our two-speed approach, Criterion focuses its efforts on quickly fixing/updating customer-facing applications while taking a slower and more measured approach to updating backend systems. This allows very quick iterations on the frontend without incurring the concurrent cost and risk that goes along with updating supporting systems at the same time. Backend technology is updated at a more moderate pace, which ensures that technology transformation occurs without putting the organization at substantial risk.

Criterion | Services

Learn more about Criterion’s Core Capabilities in cybersecurity, cloud/data center management, IT infrastructure, and system engineering here.