The Department of Defense (DoD) has released its Zero Trust Strategy and Roadmap.
Current and future cyber threats and attacks drive the need for a Zero Trust (ZT) approach that goes beyond the traditional perimeter defense approach. DoD intends to implement distinct ZT capabilities and activities as outlined in the strategy and associated Roadmap by FY27.
The strategy envisions a DoD Information Enterprise secured by a fully implemented, Department-wide ZT cybersecurity framework that will reduce the attack surface, enable risk management and effective data-sharing in partnership environments, and quickly contain and remediate adversary activities.
The strategy outlines four high-level and integrated strategic goals that define what the Department will do to achieve its vision for ZT:
- Zero Trust Cultural Adoption – All DoD personnel are aware, understand, are trained, and committed to a Zero Trust mindset and culture and support integration of ZT.
- DoD information Systems Secured and Defended – Cybersecurity practices incorporate and operationalize ZT in new and legacy systems.
- Technology Acceleration – Technologies deploy at a pace equal to or exceeding industry advancements.
- Zero Trust Enablement – Department- and Component-level processes, policies, and funding are synchronized with ZT principles and approaches.
Implementing Zero Trust will be a continuous process in the face of evolving adversary threats and new technologies. Additional Zero Trust enhancements will be incorporated in subsequent years as technology changes and the United States’ adversaries evolve.
The Department of Defense Zero Trust Strategy and Roadmap can be found at the DoD CIO library.