Software Defined Perimeter

  • 1.  Department of Defense (DOD) Zero Trust Reference Architecture

    Posted May 19, 2021 01:56:00 AM
    Hi All,

    The DOD recently cleared for release "Zero Trust Reference Architecture"

    @Daniele Catteddu
    @Jason Garbis
    @Juanita Koilpillai

    "Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from
    static, network-based perimeters to focus on users, assets, and resources. Zero Trust assumes
    there is no implicit trust granted to assets or user accounts based solely on their physical or
    network location (i.e., local area networks versus the Internet) or based on asset ownership
    (enterprise or personally owned)."1 Zero Trust requires designing a simpler and more secure
    architecture without impeding operations or compromising security. The classic
    perimeter/defense-in-depth cybersecurity strategy repeatedly shows to have limited value
    against well-resourced adversaries and is an ineffective approach to address insider threats.
    The Department of Defense (DOD) next-generation cybersecurity architecture will
    become data-centric and based upon Zero Trust principles. Zero Trust supports the 2018 DOD
    Cyber Strategy, the 2019 DOD Digital Modernization Strategy, and the DOD Chief Information
    Officer's (CIO) vision for creating "a more secure, coordinated, seamless, transparent, and cost-effective
    IT architecture that transforms data into actionable information and ensures
    dependable mission execution in the face of a persistent cyber threat."2 Zero Trust should be
    used to re-prioritize and integrate existing DOD capabilities and resources, while maintaining
    availability and minimizing temporal delays in authentication mechanisms, to address the DOD
    CIO's vision.

    Michael Roza CPA, CISA, CIA, MBA, Exec MBA

  • 2.  RE: Department of Defense (DOD) Zero Trust Reference Architecture

    Posted May 20, 2021 02:14:00 PM
    Thanks Michael.  I find your posts providing news on new publications from US Fed Gov generally very useful and timely.
    Keep it up.
    Phil C, NZ Govt CISO Office.

    Phil Cutforth
    Manager, INFOSEC Policy and Research

  • 3.  RE: Department of Defense (DOD) Zero Trust Reference Architecture

    Posted May 21, 2021 02:42:00 AM
    Thanks, Phil. Great to hear!