An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

In the News

News | Nov. 29, 2022

DOD Releases Path to Cyber Security Through Zero Trust Architecture

By C. Todd Lopez DOD News

WASHINGTON -- The Defense Department on Tuesday released its Zero Trust Strategy and Roadmap, which spells out how it plans to move beyond traditional network security methods to achieve reduced network attack surfaces, enable risk management and effective data-sharing in partnership environments, and contain and remediate adversary activities over the next five years.

"Zero trust is a framework for moving beyond relying on perimeter-based cybersecurity defense tools alone and basically assuming that breach has occurred within our boundary and responding accordingly," David McKeown, the department's acting chief information officer, said.

McKeown said the department has spent a year now developing the plans to get the department to a zero trust architecture by fiscal year 2027. Included in that effort was development of a Zero Trust Portfolio Management Office, which stood up earlier this year.

"With the publication of this strategy we have articulated the 'how' that can address clear outcomes of how to get to zero trust — and not only accelerated technology adoption, as discussed, but also a culture of zero trust at DOD and an integrated approach at the department and the component levels."

Getting the Defense Department to reach the goals laid out in the Zero Trust Strategy and Roadmap will be an "ambitious undertaking," McKeown said.

Ensuring that work will largely be the responsibility of Randy Resnick, who serves as the director of the Zero Trust Portfolio Management Office.

"With zero trust, we are assuming that a network is already compromised," Resnick said. "And through recurring user authentication and authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited."

Spotlight: Engineering in the DOD

Resnick explained the difference between a zero trust architecture and security on the network today, which assumes a level of trust for anybody already inside the network.
"If we compare this to our home security, we could say that we traditionally lock our windows and doors and that only those with the key can gain access," he said. "With zero trust, we have identified the items of value within the house and we place guards and locks within each one of those items inside the house. This is the level of security that we need to counter sophisticated cyber adversaries."

The Zero Trust Strategy and Roadmap outlines four high-level and integrated strategic goals that define what the department will do to achieve that level of security. These include:

  • Zero Trust Cultural Adoption — All DOD personnel understand and are aware, trained, and committed to a zero trust mindset and culture to support integration of zero trust.
  • DOD information Systems Secured and Defended — Cybersecurity practices incorporate and operationalize zero trust in new and legacy systems.
  • Technology Acceleration — Technologies deploy at a pace equal to or exceeding industry advancements.
  • Zero Trust Enablement — Department- and component-level processes, policies, and funding are synchronized with zero trust principles and approaches.

Resnick said development of the Zero Trust Strategy and Roadmap was done in collaboration with the National Security Agency, the Defense Information Systems Agency, the Defense Manpower Data Center, U.S. Cyber Command and the military services.

The department and its partners worked together to develop a total of 45 capabilities and more than 100 activities derived from those capabilities, many of which the department and components will be expected to be involved in as part of successfully achieving baseline, or "target level" compliance with zero trust architecture within the five-year timeline, Resnick said.

"Each capability, the 45 capabilities, resides either within what we're calling 'target,' or 'advanced' levels of zero trust," he said. "DOD zero trust target level is deemed to be the required minimum set of zero trust capability outcomes and activities necessary to secure and protect the department's data, applications, assets and services, to manage risks from all cyber threats to the Department of Defense."

Across the department, every agency will be expected to comply with the target level implementation outlined in the Zero Trust Strategy and Roadmap. Only a few might be expected to achieve the more advanced level.

"If you're a national security system, we may require the advanced level for those systems," McKeown said. "But advanced really isn't necessary for literally every system out there. We have an aggressive goal getting to 'targeted' by 2027. And we want to encourage those who have a greater need to secure their data to adopt this advanced level."

Resnick said achieving the target level of zero trust isn't equivalent to a lower standard for network security.

"We defined target as that level of ability where we're actually containing, slowing down or stopping the adversary from exploiting our networks," he said. "Compared to today, where an adversary could do an attack and then go laterally through the network, frequently under the noise floor of detection, with zero trust that's not going to be possible."

By 2027, Resnick said, the department will be better poised to prevent adversaries from attacking the DOD network and minimize damage if it does occur.

"The target level of zero trust is going to be that ability to contain the adversary, prevent their freedom of movement, from not only going laterally but being able to even see the network, to enumerate the network, and to even try to exploit the network," he said.

If later on more is needed, he said, the requirements for meeting the target level of compliance can be adjusted.

"Target will always remain that level to which we're seeing and stopping the adversary," he said. "And for the majority of the DOD, that's really our goal."

Social Media Feed

Twitter
Mr. Aaron Bishop, DoW CISO and acting Deputy CIO for Cybersecurity, spoke today at the @PotomacOfficers Club 2026 Cyber Summit to discuss key features of the @DeptofWar way ahead for IT and Cyber transformation with an the audience of GovCon leaders. Cybersecurity always will be https://t.co/AtJCqruNpg
Twitter
Happy Armed Forces Day! 🇺🇸🦅 250 years strong—and still standing watch. As we mark the 250th anniversary of the United States, we honor those who have defended our nation from its founding to today—serving across every branch of our Armed Forces: Army, Navy, Marine Corps, Coast https://t.co/LE4mlrrfa4 Happy Armed Forces Day! 🇺🇸🦅 250 years strong—and still standing watch. As we mark the 250th anniversary of the United States, we honor those who have defended our nation from its founding to today—serving across every branch of our Armed Forces: Army, Navy, Marine Corps, Coast https://t.co/LE4mlrrfa4
Twitter
The Honorable Kirsten Davies, thanked her Five Eyes CIO counterparts for their hard work and candid discussion last week as part of the Defense CIO Forum (#DCIOF) and Combined Digital Leadership Summit (#CDLS). “This was my first time leading the US delegation to the CDLS and I https://t.co/2N3iCSGBmp The Honorable Kirsten Davies, thanked her Five Eyes CIO counterparts for their hard work and candid discussion last week as part of the Defense CIO Forum (#DCIOF) and Combined Digital Leadership Summit (#CDLS). “This was my first time leading the US delegation to the CDLS and I https://t.co/2N3iCSGBmp
Twitter
The @DeptofWar successfully wrapped the Combined Digital Leadership Summit (#CDLS 26.1) last week. Together with our Five Eyes partners, we are accelerating joint digital warfighting capabilities and moving hashtag#ProjectArcadia into operational reality. The core mission: https://t.co/GZ690pibFA The @DeptofWar successfully wrapped the Combined Digital Leadership Summit (#CDLS 26.1) last week. Together with our Five Eyes partners, we are accelerating joint digital warfighting capabilities and moving hashtag#ProjectArcadia into operational reality. The core mission: https://t.co/GZ690pibFA
Twitter
The @DeptofWar CIO's Office is proud to announce our Workforce Innovation Directorate’s (WID) has been awarded the 2026 Government Information Technology Council’s Workforce Development Award! This award, presented by the Advanced Technology Academic Research Center (ATARC), https://t.co/5KXxjogR31 The @DeptofWar CIO's Office is proud to announce our Workforce Innovation Directorate’s (WID) has been awarded the 2026 Government Information Technology Council’s Workforce Development Award! This award, presented by the Advanced Technology Academic Research Center (ATARC), https://t.co/5KXxjogR31
Twitter
In a high-stakes environment, isolated data can cost us the tactical advantage. The @DeptofWar's business systems must communicate seamlessly to be effective. The new Business Enterprise Architecture (BEA) Guidebook is the master blueprint that makes this interoperability happen. https://t.co/hPl5Y8wRFU In a high-stakes environment, isolated data can cost us the tactical advantage. The @DeptofWar's business systems must communicate seamlessly to be effective. The new Business Enterprise Architecture (BEA) Guidebook is the master blueprint that makes this interoperability happen. https://t.co/hPl5Y8wRFU
Twitter
Pictured from left to right: Brandon Cross and Holly Yuan, University of Wisconsin-Stout; Brian Scavotto, North Carolina A&T; and Amith Kamath Belman, San Jose State University
Twitter
Congrats to the ASCEND Challenge winners announced at the NCAE-C Symposium! 🏆 The @DeptofWar Office of the CIO commends Holly Yuan & Brandon Cross (UW-Stout), Brian Scavotto (NC A&T), and Amith Kamath Belman (SJSU). Your groundbreaking AI & cyber frameworks are forging the next https://t.co/DHiTiTP0f3 Congrats to the ASCEND Challenge winners announced at the NCAE-C Symposium! 🏆 The @DeptofWar Office of the CIO commends Holly Yuan & Brandon Cross (UW-Stout), Brian Scavotto (NC A&T), and Amith Kamath Belman (SJSU). Your groundbreaking AI & cyber frameworks are forging the next https://t.co/DHiTiTP0f3
Twitter
The @DeptofWar CIO, Hon @DoWCIODavies, is excited to highlight the Cyber Academic Engagement Office (#CAEO) Community Exchange “Listening Room” at this year’s Center for Academic Excellence (CAE) in Cybersecurity Symposium in Pittsburgh, PA. Over the past week, this space https://t.co/E2yir592XM The @DeptofWar CIO, Hon @DoWCIODavies, is excited to highlight the Cyber Academic Engagement Office (#CAEO) Community Exchange “Listening Room” at this year’s Center for Academic Excellence (CAE) in Cybersecurity Symposium in Pittsburgh, PA. Over the past week, this space https://t.co/E2yir592XM
Twitter
Pictured left to right in the Listening Room: Michael Tu, university of Purdue NW University; Dr. Emanuel El-Sheikh, University of West Florida; Scott Nelson, acting PD CEAO; Adel Elmaghraby, University of Louisville; and Omar Garada, Dcode
Twitter
The Dept of War CIO’s Cyber Academic Engagement Office kicked off the annual National Centers of Academic Excellence in Cybersecurity (NCAE-C) Symposium, by challenging universities to join the "front lines" of the nation's cyber defense,” and highlighted @POTUS, @DeptofWar https://t.co/BlM8f9TvpD The Dept of War CIO’s Cyber Academic Engagement Office kicked off the annual National Centers of Academic Excellence in Cybersecurity (NCAE-C) Symposium, by challenging universities to join the "front lines" of the nation's cyber defense,” and highlighted @POTUS, @DeptofWar https://t.co/BlM8f9TvpD
Twitter
Pictured left to right: Scott Nelson, Acting Principal Director of the DoW CIO Cyber Academic Engagement Office delivering the keynote at the NCAE-C Symposium; representatives of the 28 new NCAE-C institutions at the certification ceremony.
Twitter
The Dept of War CIO’s Cyber Academic Engagement Office kicked off the annual National Centers of Academic Excellence in Cybersecurity (NCAE-C) Symposium, by challenging universities to join the "front lines" of the nation's cyber defense,” and highlighted @POTUS, @DeptofWar https://t.co/0liZC7C5ND The Dept of War CIO’s Cyber Academic Engagement Office kicked off the annual National Centers of Academic Excellence in Cybersecurity (NCAE-C) Symposium, by challenging universities to join the "front lines" of the nation's cyber defense,” and highlighted @POTUS, @DeptofWar https://t.co/0liZC7C5ND
Twitter
Clockwise from upper left: Ms. Ayanna Baker (Cyber Human Capital Program Analyst), Mrs. Marci McCarthy (DoW CIO Director of External Engagements), Acting Secretary of Labor The Honorable Keith Sonderling, and Ms. Chimia Nelson (DoW CIO Program Director); Seated: DoL Acting
Twitter
The Department of War CIO announces the launch of our new DoW Cyber Registered Apprenticeship Program (#CyberRAP). Yesterday, during the National Apprenticeship Week signing ceremony at the Department of Labor, Mrs. Marci McCarthy, Director of External Engagements, kicked off the https://t.co/qRJT5sfZyM The Department of War CIO announces the launch of our new DoW Cyber Registered Apprenticeship Program (#CyberRAP). Yesterday, during the National Apprenticeship Week signing ceremony at the Department of Labor, Mrs. Marci McCarthy, Director of External Engagements, kicked off the https://t.co/qRJT5sfZyM
Twitter
🦅 @DeptofWar CIO, the Honorable Kirsten Davies, joined the 71st Siouxland/Washington Conference & Steak Reception, sharing an inspiring message of collaboration 🤝 with Senate and Congressional members and the Siouxland Chamber of Commerce. Emphasizing the vital partnership https://t.co/eSXro6KLT7 🦅 @DeptofWar CIO, the Honorable Kirsten Davies, joined the 71st Siouxland/Washington Conference & Steak Reception, sharing an inspiring message of collaboration 🤝 with Senate and Congressional members and the Siouxland Chamber of Commerce. Emphasizing the vital partnership https://t.co/eSXro6KLT7
Twitter
Moving at the speed of war! 🦅 Yesterday at the Potomac Officers Club Digital Transformation Summit, DoW CIO Hon. Kirsten Davies delivered a powerhouse keynote to defense and industry leaders that are moving at the speed of war to deliver capabilities to our Warfighters that are https://t.co/uN7gmstX6B Moving at the speed of war! 🦅 Yesterday at the Potomac Officers Club Digital Transformation Summit, DoW CIO Hon. Kirsten Davies delivered a powerhouse keynote to defense and industry leaders that are moving at the speed of war to deliver capabilities to our Warfighters that are https://t.co/uN7gmstX6B
Twitter
@DeptofWar, the Honorable Kirsten Davies, formally announces the onboarding of five new senior leaders to the team today. Read more at: https://t.co/UUcM1GUGUV https://t.co/08puLxMVKw @DeptofWar, the Honorable Kirsten Davies, formally announces the onboarding of five new senior leaders to the team today. Read more at: https://t.co/UUcM1GUGUV https://t.co/08puLxMVKw
Twitter
The Hon. Kirsten Davies drove home the sense of urgency she feels to make lasting change for the Warfighter and the nation. This is “not business as usual,” as significant changes are underway in how the @DeptofWar develops IT and cyber tools. Under the leadership of @POTUS and https://t.co/nwyGhf6yHf
Twitter
The DoW CIO, Hon Kirsten Davies, is pleased to announce that Mrs. Marci McCarthy (@marcimccarthyUS) has been appointed as the new Office of the CIO Director of External Engagements. Mrs. McCarthy will be responsible for shaping our strategic communications and leading our https://t.co/OeE4e11ufg The DoW CIO, Hon Kirsten Davies, is pleased to announce that Mrs. Marci McCarthy (@marcimccarthyUS) has been appointed as the new Office of the CIO Director of External Engagements. Mrs. McCarthy will be responsible for shaping our strategic communications and leading our https://t.co/OeE4e11ufg
X
7,163
Follow Us