Zero trust security
DISA Completes DOD’s Zero Trust Reference Architecture
The Defense Information Systems Agency announced that it has finished the Department of Defense’s zero trust reference architecture.
Zero trust security models restrict access by default even to users already inside the security perimeter, helping prevent malicious actors from accessing critical assets, DISA said.
“The intent and focus of zero trust frameworks is to design architectures and systems to assume breach, thus limiting the blast radius and exposure of malicious activity,” said Brandon Iske, DISA’s security enablers portfolio chief engineer.
DISA said it developed the reference architecture in collaboration with the DOD chief information officer, U.S. Cyber Command and the National Security Agency.
DISA’s Architecture and Standards Engineering Office and Joint Interoperability Test Command teams also supported the reference architecture’s development, according to Joe Brinker, the agency’s security enablers portfolio manager.
Brinker said DISA will continue working with DOD components in implementing zero trust and developing related enterprise capabilities across the department.
In April, DOD Chief Information Security Officer David McKeown announced his intent to establish an office dedicated to accelerating the military’s adoption of zero trust.
He told the Senate Armed Services Committee’s cybersecurity subcommittee that a zero trust portfolio management office would provide “critical centralization and orchestration” for the DOD.
The CISO added that the Pentagon is already implementing a new enterprise-wide, identity, credential and access management tool provided by DISA.
Category: Cybersecurity