The Defense Department is ready to get serious about transitioning its network defenses to zero trust principles. The Pentagon expects to release a formal zero trust strategy by mid-September, wants to have an enterprise-wide zero trust implementation in place by 2027, and is already in talks with commercial providers about how to implement zero trust in the cloud.
Last year’s White House executive order on cybersecurity told all federal agencies to draw up plans to move to a zero trust architecture. DoD published its first reference architecture shortly before the EO, and has since updated it to a 2.0 version. But Defense officials said the strategy set to be released next month will lay out the specific steps DoD components and their vendors will need to take to implement zero trust.
“We are committed to implementing zero trust at scale for our 4 million-person-plus enterprise that we lead,” John Sherman, DoD’s CIO said during a speech at a Fedscoop event this week.