Zero trust implementation

Pentagon Releases Zero Trust Strategy and Roadmap

The Department of Defense has released its zero trust strategy and roadmap, which will guide the agency in its efforts in deploying the cybersecurity architecture.

The Pentagon envisions an information enterprise that is secured by a department-wide zero trust framework that will reduce the attack surface, enable risk management and effective data sharing, and contain and remediate attacks.

Zero trust implementation will be a continuous process in which measures will be added as threats and technologies evolve, the Department of Defense said Tuesday.

The Pentagon will focus on four strategic goals, namely zero trust cultural adoption, information systems security, technology acceleration and zero trust enablement. The agency will ensure that people are knowledgeable in zero trust, cybersecurity practices incorporate and operationalize the architecture, technologies are deployed at the same or better pace as industry advancements, and policies and funding are synchronized with zero trust principles.

The Pentagon expects to commence work on zero trust in fiscal year 2023 and implement zero trust capabilities and activities outlined in the strategy and road map by fiscal year 2027.

Zero trust is a cybersecurity framework that requires all users to be authenticated, authorized and continuously validated before being granted access to applications and data. It is designed to address challenges brought about by remote work, hybrid cloud environments and evolving ransomware threats.

The U.S. government has created guidelines for implementing zero trust. One such guide is the National Institute of Standards and Technology’s Special Publication 800-207, which was released in 2020.