Cyber

DOD to review agencies’ zero-trust proposals over the next few months

The services and other Defense Department components will soon be submitting their plans to achieve zero-trust cybersecurity by 2027.

By Mark Pomerleau

September 7, 2023

(Getty Images)

In the coming weeks, Department of Defense components will be submitting their plans for how they will achieve “zero-trust” principles within their slices of the network in line with the Pentagon’s strategy released last year, according to the top IT official.

Last fall, DOD released its zero-trust strategy as well as its reference architecture. Zero trust is a concept and framework that assumes networks are already compromised and require constant monitoring and authentication to protect critical information.

The strategy laid out a target level and advanced level of zero trust. The target level is the minimum set of capability outcomes to secure and protect data. The strategy states the DOD must get to the target level as soon as possible. Once that is achieved, the Pentagon will monitor continued compliance to get to advanced zero trust, which the document defines as the achievement of the full set of capability outcomes.

The goal is for the department to achieve the target level by 2027.

The strategy provided a roadmap for how organization can achieve zero trust, but officials have been very clear from the start that there are multiple potential pathways. As a result, there will be several different approaches.

“I’ve used the term pick your own adventure on some of this … I suspect each of the components — matter of fact, I know they are — taking a little bit different path to get there,” John Sherman, DOD chief information officer, said at the Billington Cybersecurity Summit on Thursday.

These organizations will be submitting their plans to the zero-trust portfolio management office, led by Randy Resnick, next month, according to Sherman, who described it as a “very important milestone” to start the assessment.

“Between October and the holiday period, Randy and his team are going to be reviewing what these plans look like, consistent with what we’ve laid out with the capabilities, the 91 capabilities, that gets targeted zero trust by 2027,” he said.

DOD to review agencies’ zero-trust proposals over the next few months

More Like This

Navy announces new top cyber adviser

Air Force issues call for cyber, electromagnetic, sensing capabilities to support ABMS

With 2027 deadline looming, DOD moves into implementation phase of zero trust transformation

Top Stories

Air Force plans industry roundtables on effective uses, adoption of generative AI

US to give Israel $1.2B for Iron Beam laser weapon

After Iran’s strikes on Israel, Juniper Oak exercises seen as a ‘harbinger’

General Atomics adding AESA radar and software to upgraded Gray Eagles

Navy to unveil new ‘structured piloting’ framework for IT modernization

Army rethinks its approach to AI-enabled risks via Project Linchpin

More Scoops

Deputy CIO gives updates on Pentagon’s ‘aggressive’ plan for achieving zero trust by 2027

Navy hits DOD’s zero-trust targets years ahead of schedule, CTO says

DOD to brief Congress early next year on zero-trust progress

Space Force awards contract to protect space systems, data with zero-trust approach

The computers are getting fixed: DOD standing up a user experience portfolio management office

Zero trust would have ‘likely’ caught and prevented classified leak, Pentagon CIO believes

Army asking Congress for billions in 2024 to implement zero trust, cloud transition, BYOD and other digital transformation efforts

Latest Podcasts

How the Navy is reducing workforce friction to improve mission outcomes

How DARPA is looking to AI to fend off cyber vulnerabilities through a challenge program

How the DOD protects national security interests by monitoring climate change

Google’s Scott Frohman Talks AI Innovation at Google Cloud Next

Weapons

Cyber

IT

AI