The Department of Defense has released a zero trust cybersecurity framework outlining targeted efforts to secure the DOD Information Enterprise by reducing its attack surface, enabling risk management and facilitating data sharing.
The DOD Zero Trust Strategy and Roadmap focuses on four high-level strategic goals: zero trust cultural adoption, DoD information systems secured and defended, technology acceleration and zero trust enablement, the Pentagon reported Tuesday.
Each strategic goal includes activities and priorities to guide DOD components in achieving targeted zero trust over the next five years.
“The journey to Zero Trust requires all DoD Components to adopt and integrate Zero Trust capabilities, technologies, solutions, and processes across their architectures, systems, and within their budget and execution plans,” John Sherman, chief information officer of DOD, wrote in the strategy’s foreword.
The strategy is centered on fully implementing zero trust across seven capability pillars: user, device, application and workload, data, network and environment, automation and orchestration and visibility and analytics.
DOD expects each pillar to achieve targeted level zero trust implementation by fiscal year 2027 and transition to advanced zero trust stage by FY 2032.
The DOD Zero Trust Portfolio Management Office, which was established in January, will oversee the implementation of the new strategy.