Zero trust cybersecurity

Department of Defense Zero Trust Strategy to Be Released Soon

The Department of Defense will release its zero trust strategy in the coming days following approval from the department’s chief information officer.

The strategy will outline the Pentagon’s approach to achieving zero trust, which includes over 100 activities and key elements that are designed to keep data secure. Some of the focus areas are automation, analytics and applications.

DOD CIO and 2022 Wash100 winner John Sherman said the strategy takes into account learnings from the Defense Information Systems Agency’s Thunderdome contract with Booz Allen Hamilton. He noted that the strategy is undergoing a public review, C4ISRNet reported Tuesday.

According to Sherman, who spoke at a DISA event in Maryland, the transition to zero trust is a sign that the government recognizes that the threat environment is evolving and is getting more sophisticated. He noted that the Pentagon wants to broaden its cybersecurity thinking beyond defending the perimeter.

The CIO said the department has until 2027 to implement zero trust.

In late July, DISA extended its Thunderdome zero trust contract to further secure the Secure Internet Protocol Router Network. Booz Allen received the original $6.8 million Thunderdome contract in January.

Zero trust is a cybersecurity principle that assumes that all users do not inherently have credentials to access critical information. Zero trust constantly assesses user information before granting them access to data.