Zero trust strategy

DOD Sets Timetable for Zero Trust Strategy Release, Pilot Programs Implementation

The Department of Defense expects to release a formal zero trust strategy by September and start related pilot projects by Oct. 1.

Randy Resnick, director of the Pentagon’s zero trust portfolio management office, said during a conference hosted by the Digital Government Institute that the zero trust strategy has around 90 separate activities mostly unrelated to technology. According to the official, focus should also be given to non-technology aspects like workforce training and retention, policy and leadership.

Resnick said the strategy has three separate courses of action for zero trust, namely applying principles to existing IT infrastructure, implementing the architecture in commercial cloud environments, and implementing zero trust for government-operated private cloud solutions, Federal News Network reported.

According to Resnick, several cloud service providers his agency has spoken with said they could integrate the Pentagon’s zero trust definitions into their computing environments. He explained that a qualified government agency like the National Security Agency will evaluate the companies’ solutions before starting a pilot program.

For the pilots, DOD officials are considering using cloud environments that the U.S. Army and Air Force are already running.

The Pentagon official also pointed out that around eight to 10 IT services providers will be needed to support the 90 zero trust-related activities. He said the DOD’s Office of the Chief Information Officer will decide which companies can join the effort.

In terms of resources, Resnick said although Congress has not yet authorized funding for the cybersecurity architecture, department leaders have long recognized the need for billions of dollars in up-front spending to effectively implement zero trust.