Updated on 2022-11-23: US Defense Department Releases Zero Trust Strategy and Roadmap
The US Department of Defense (DoD) has published its zero-trust strategy and an accompanying roadmap. To achieve its overarching purpose of a DOD information enterprise secured by a fully-implemented, department-wide zero trust cybersecurity framework, the strategy incorporates four goals: zero trust cultural adoption, DoD information systems secured and defended, technology acceleration, and zero trust enablement. DoD has set a target date of 2027 for defense agencies to fully implement zero-trust standards.
Note
- Here are two documents you can leverage to build your strategy and roadmap to ZTA, to include communication and capabilities for each of the five pillars. While five years seems like a long time, it’s still a fairly short timeframe to implement across your entire infrastructure. If nothing else, make sure that you’re architecting and purchasing with an eye to zero trust in the future.
- First and foremost it will take a shift in security culture to fully realize zero trust. Meanwhile a recent GAO report identified shortcomings in the Departments reporting of cyber incidents. One has to ask how will the DoD track implementation of the strategy across thousands of information systems.
- This has been a long time coming. It appears the DoD is getting very serious about how they will be addressing Zero Trust for many of their networks. There is also talk about moving to Software Defined Networking and Private Cloud (or Commercial Clouds) to make some of this work. The project plan outlined here shows a plan that dates into 2032. Many of our Commercial Products are also influenced by how the government spends in this space, so I suspect more and more vendors will focus on these efforts or risk losing these government spending contracts. This is one to watch.
Read more in
- DoD Zero Trust Strategy (PDF)
- DoD Zero Trust Capability Execution Roadmap (COA 1) (PDF)
- Department of Defense Releases Zero Trust Strategy and Roadmap
- It’s Finally Here: Pentagon Releases Plan To Keep Hackers Out Of Its Networks
Overview: DOD zero trust framework
The US Department of Defense has released a framework [PDF] to guide agencies into implementing zero trust architectures on their networks. Read more: Department of Defense Releases Zero Trust Strategy and Roadmap
