Zero Trust

 View Only
  • 1.  DoD Zero Trust Strategy

    Posted Nov 22, 2022 12:15:00 PM
    Edited by Michael Roza Nov 22, 2022 12:50:37 PM
      |   view attached
    Hi All,

    The DoD just published The DoD Zero Trust Strategy

    This Zero Trust Strategy defines an adaptive approach for how DoD must champion and accelerate the shift to a Zero Trust architecture and framework that secures and protects DoD Information Enterprise (IE) within the Joint Information Environment (JIE) and specifically the DoD Information Network (DODIN). The intent of the strategy is to establish the parameters and target levels necessary to achieve Zero Trust (ZT) adoption across systems and networks (e.g., Non-classified Internet Protocol Router Network (NIPRNet) and Secret Internet Protocol Router Network (SIPRNet)). This approach emphasizes the need for DoD and its Components to embrace evolving technology while adapting and responding to known and unknown malicious actors. It involves the full breadth of stakeholders in the DoD ZT Ecosystem and allows a strategic implementation to begin immediately.

    Zero Trust is the term for an "evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources." At its core, ZT assumes no implicit trust is granted to assets or users based solely on their physical or network location (i.e., local area networks versus the Internet) or asset ownership (enterprise or personally owned). This shift in philosophy is a significant change in legacy authentication and security mechanisms. It also represents a major cultural change that stakeholders throughout the DoD ZT Ecosystem, including the Defense Industrial Base (DIB), will need to embrace and execute beginning with FY2023 through FY2027 and in the future.

    @John Yeoh
    @Daniele Catteddu
    @Erik Johnson
    @Jason A. Garbis
    @John Kindervag


    Michael Roza CPA, CISA, CIA, MBA, Exec MBA