Hi All,
The DOD recently cleared for release the "Zero Trust Reference Architecture".
@Daniele Catteddu @Jason A. Garbis @Juanita Koilpillai
"Zero Trust is the term for an evolving set of cybersecurity paradigms that move defenses from
static, network-based perimeters to focus on users, assets, and resources. Zero Trust assumes
there is no implicit trust granted to assets or user accounts based solely on their physical or
network location (i.e., local area networks versus the Internet) or based on asset ownership
(enterprise or personally owned)."1 Zero Trust requires designing a simpler and more secure
architecture without impeding operations or compromising security. The classic
perimeter/defense-in-depth cybersecurity strategy repeatedly shows to have limited value
against well-resourced adversaries and is an ineffective approach to address insider threats.
The Department of Defense (DOD) next-generation cybersecurity architecture will
become data-centric and based upon Zero Trust principles. Zero Trust supports the 2018 DOD
Cyber Strategy, the 2019 DOD Digital Modernization Strategy, and the DOD Chief Information
Officer's (CIO) vision for creating "a more secure, coordinated, seamless, transparent, and cost-effective
IT architecture that transforms data into actionable information and ensures
dependable mission execution in the face of a persistent cyber threat."2 Zero Trust should be
used to re-prioritize and integrate existing DOD capabilities and resources, while maintaining
availability and minimizing temporal delays in authentication mechanisms, to address the DOD
CIO's vision.
------------------------------
Michael Roza CPA, CISA, CIA, MBA, Exec MBA
------------------------------