INDUSTRY
Public Sector: US Federal Agency
Prime Contractor: Leidos
GOALS
- Ensure Compliance Across Distributed Infrastructure
- Mitigate Risk & Strenghten Security Posture
- Improve Internal Controls & Verification
- Reduce Outages & Operational Overhead
USE CASES
- IP Network Baseline Configuration Compliance - Verification & Reporting
- Network Interface Description Configuration Compliance - Verification, Remediation, & Reporting
- L3 VPN Provisioning Reads
INTEGRATIONS
Key Results
Automated compliance verification and remediation across multiple device types.
Eliminated vulnerabilities from out-of-date configurations and legacy devices.
Refactored automation scripts to require less manual intervention, boosting engineer productivity.
Accelerated L3 VPN provisioning reads with a roadmap for automated writes.
Established a scalable automation framework for ongoing modernization.
Legacy Device Configurations Create Vulnerabilities & Impact Federal Compliance
Because federal environments require vendor approvals and strict security controls, devices often remain in service longer than in commercial settings – raising the risk of configuration drift and compliance gaps.
The network team recognized that automation was essential to keep configurations current and policy-aligned, but any solution had to fit a secure federal stack and support an Authority to Operate (ATO).
With a small team and limited existing automation (NSO, some Python and Ansible), they needed a platform that could make immediate progress and scale.
They selected three initial use cases to demonstrate value quickly:
- Verification and reporting for IP network baseline configuration compliance.
- Verification, remediation, and reporting for interface-description compliance.
- Read operations for L3 VPN provisioning (with writes targeted next).
Focusing first on verification and reporting ensured accurate, up‑to‑date configurations to meet federal security requirements, while setting the groundwork for more advanced automations like L3 VPN writes and brownfield service management.
Over time, we’ve been a little slow to adopt new tools, or even devices due to federal regulations. But to scale our network, our capabilities, we need to rapidly change how we’re working to manage configuration compliance with our team.
Senior Network Engineer
Advancing Network Modernization with Itential
Federal network teams often face the same constraints: legacy hardware, limited tooling, small teams, and uncompromising compliance.
Under the GSM‑O II contract, Leidos selected Itential to modernize how this agency manages configurations across legacy and modern devices. Itential provides a secure, scalable automation and orchestration platform proven in federal production, with multiple deployments operating under ATO and supporting continuous ATO through built‑in evidence and policy enforcement.
Building remediation workflows in Itential was really easy to pick up and seeing what we’ve done with our first few use cases, I can already tell the team will be able to do a lot more as we keep building workflows.
Senior Network Engineer
The agency met its initial targets with Itential’s:
- Pre-Built Integrations with Cisco NSO, Cisco NED, and Kafka, plus autogenerated connectors for bespoke systems.
- Configuration compliance and drift remediation for CLI based devices and API driven services.
- Automated remediation of non non-compliant devices in minutes to close security gaps quickly.
- Out-of-the-box compliance reporting with historical views to spot and eliminate recurring issues.
- Low-code workflow canvas to rapidly design end to end orchestrations using modular assets.
- Itential Automation Gateway to onboard existing Python and Ansible scripts into governed workflows.
- Reusable automation libraries that scale across additional use cases and teams.
- Granular RBAC and secure sharing so only authorized users can execute change operations.
- On-premises deployment option to support air-gapped and classified environments.
What They’ve Achieved & the Roadmap to Network Modernization
By automating verification, reporting, and remediation for baseline and interface description compliance, the team now maintains confidence that configurations are current and consistent across domains and device types.
They’ve moved beyond slow, custom Python scripts toward a governed, low code orchestration model that preserves existing script value while extending capability and control.
Each step builds on the Itential foundation to increase delivery speed, strengthen security posture, and sustain compliance.
Next on the roadmap:
- Enable L3 VPN provisioning writes to complement existing read operations.
- Migrate a broad range of brownfield services into governed Itential workflows.
- Support cloud migration to GMS for enhanced scalability.
- Expand automation into the optical transport network and optical layer.
- Integrate more deeply with other GMS systems, including ticket management and event streaming.
Why Itential Is Trusted by the Public Sector
Itential provides the automation and orchestration fabric that lets agencies modernize in place – turning complex, multi-vendor infrastructure into a programmable, auditable service layer.
Proven in federal production and aligned to Zero Trust outcomes, Itential hardens posture while accelerating delivery, so day‑one deployments are compliant by design and day‑two changes remain resilient and traceable.
Agencies deploying Itential report faster change velocity, measurable reduction in attack surface, and thousands of engineer hours redirected from manual upkeep to mission priorities.
The Itential Platform Advantage
Policy‑Driven Automation for Secure, Compliant Operations
Move fast without creating new risk. Compliance shifts from box‑checking to built‑in and supports continuous ATO with automated evidence.
Unified Orchestration Across Domains & Boundaries
From NIPR to SIPR to GovCloud, NetOps and SecOps operate as one, accelerating transformation without disrupting mission continuity.
Continuous Evidence for Compliance & Cyber Readiness
Compliance becomes continuous, not episodic. Infrastructure evolves from a source of audit anxiety to a source of assurance.
Learn More with Itential Content
Blogs
- Accelerating Network Modernization in the Public Sector Through Automation & Orchestration
- How the Public Sector can Automate Network Changes in a STIG Environment
- Security Vulnerabilities Top of Mind? How to Prevent Network Breaches with Automated Audit & Remediation
- Multi-Vendor Network Security: From Backlog to Blocking as a Service
- Network Engineering Should Be a Standard, Not an Art
- Order Over Chaos: How Itential Equips Teams to Manage Ordered List Configurations
Other Resources
- Compliance Plans & Compliance for Ordered Lists
- How to Audit Network Security Vulnerabilities from Cisco PSIRTs with Itential’s Automated Configuration Compliance
- How to Execute Compliance & Remediation of Vulnerable Features on Cisco IOS XE Devices
- Major FinTech Strengthens Network Security Posture with Standardized Configuration with Itential
- Itential & Fierce Software Sign Distribution Agreement to Expand Network Automation & Orchestration Initiatives in the Public Sector
- How to Track & Orchestrate Hybrid, Multi-Cloud Security Services
Get Started with Itential
Schedule a Custom Demo
Schedule time with our automation experts to explore how our platform can help simplify and accelerate your automation journey.
Take An Interactive Tour
See how Itential products work firsthand in our interactive tours.
Watch Demo Videos
Watch demos of Itential's suite of network automation and orchestration products.