DISA, NSA Lead Zero-Trust Adoption at DOD
The Defense Information Systems Agency and the National Security Agency are leading the adoption of zero-trust best practices across the Department of Defense's enterprise.
Vice Adm. Nancy Norton, commander of both DISA and the Joint Force Headquarters DOD Information Network, said the initial "Zero Trust Reference Architecture" will be completed before the end of 2020, Breaking Defense reported Wednesday.
The effort entails transitioning systems that rely on a single line of defense to a layered defense based on zero trust.
Most DOD information technologies rely on perimeter security, which experts believe can easily be breached by enemies.
A zero-trust framework constantly monitors all system users inside and outside the perimeter and operates under the principle of "deny by default."
The architecture is being designed to teach DOD organizations how they can upgrade the technologies they already have, the commander said.
Norton acknowledged that such a shift requires major software and policy overhauls and that the Pentagon cannot afford to completely replace its entire IT system.
“We’re not starting over again [buying] wholesale new equipment. We are taking what’s out there today with our legacy equipment and… incorporating new principles and new analytics and specific kinds of policies,” Norton said.
DISA and NSA are conducting workshops with other agencies, working with the organizations at all levels, from top officials down to the worker level.
"The workshops are going really well and we're getting lots of participation. There is definitely a lot of interest in there," Norton said.