An official website of the United States government
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

In the News

News | Nov. 29, 2022

DOD Releases Path to Cyber Security Through Zero Trust Architecture

By C. Todd Lopez DOD News

WASHINGTON -- The Defense Department on Tuesday released its Zero Trust Strategy and Roadmap, which spells out how it plans to move beyond traditional network security methods to achieve reduced network attack surfaces, enable risk management and effective data-sharing in partnership environments, and contain and remediate adversary activities over the next five years.

"Zero trust is a framework for moving beyond relying on perimeter-based cybersecurity defense tools alone and basically assuming that breach has occurred within our boundary and responding accordingly," David McKeown, the department's acting chief information officer, said.

McKeown said the department has spent a year now developing the plans to get the department to a zero trust architecture by fiscal year 2027. Included in that effort was development of a Zero Trust Portfolio Management Office, which stood up earlier this year.

"With the publication of this strategy we have articulated the 'how' that can address clear outcomes of how to get to zero trust — and not only accelerated technology adoption, as discussed, but also a culture of zero trust at DOD and an integrated approach at the department and the component levels."

Getting the Defense Department to reach the goals laid out in the Zero Trust Strategy and Roadmap will be an "ambitious undertaking," McKeown said.

Ensuring that work will largely be the responsibility of Randy Resnick, who serves as the director of the Zero Trust Portfolio Management Office.

"With zero trust, we are assuming that a network is already compromised," Resnick said. "And through recurring user authentication and authorization, we will thwart and frustrate an adversary from moving through a network and also quickly identify them and mitigate damage and the vulnerability they may have exploited."

Spotlight: Engineering in the DOD

Resnick explained the difference between a zero trust architecture and security on the network today, which assumes a level of trust for anybody already inside the network.
"If we compare this to our home security, we could say that we traditionally lock our windows and doors and that only those with the key can gain access," he said. "With zero trust, we have identified the items of value within the house and we place guards and locks within each one of those items inside the house. This is the level of security that we need to counter sophisticated cyber adversaries."

The Zero Trust Strategy and Roadmap outlines four high-level and integrated strategic goals that define what the department will do to achieve that level of security. These include:

  • Zero Trust Cultural Adoption — All DOD personnel understand and are aware, trained, and committed to a zero trust mindset and culture to support integration of zero trust.
  • DOD information Systems Secured and Defended — Cybersecurity practices incorporate and operationalize zero trust in new and legacy systems.
  • Technology Acceleration — Technologies deploy at a pace equal to or exceeding industry advancements.
  • Zero Trust Enablement — Department- and component-level processes, policies, and funding are synchronized with zero trust principles and approaches.

Resnick said development of the Zero Trust Strategy and Roadmap was done in collaboration with the National Security Agency, the Defense Information Systems Agency, the Defense Manpower Data Center, U.S. Cyber Command and the military services.

The department and its partners worked together to develop a total of 45 capabilities and more than 100 activities derived from those capabilities, many of which the department and components will be expected to be involved in as part of successfully achieving baseline, or "target level" compliance with zero trust architecture within the five-year timeline, Resnick said.

"Each capability, the 45 capabilities, resides either within what we're calling 'target,' or 'advanced' levels of zero trust," he said. "DOD zero trust target level is deemed to be the required minimum set of zero trust capability outcomes and activities necessary to secure and protect the department's data, applications, assets and services, to manage risks from all cyber threats to the Department of Defense."

Across the department, every agency will be expected to comply with the target level implementation outlined in the Zero Trust Strategy and Roadmap. Only a few might be expected to achieve the more advanced level.

"If you're a national security system, we may require the advanced level for those systems," McKeown said. "But advanced really isn't necessary for literally every system out there. We have an aggressive goal getting to 'targeted' by 2027. And we want to encourage those who have a greater need to secure their data to adopt this advanced level."

Resnick said achieving the target level of zero trust isn't equivalent to a lower standard for network security.

"We defined target as that level of ability where we're actually containing, slowing down or stopping the adversary from exploiting our networks," he said. "Compared to today, where an adversary could do an attack and then go laterally through the network, frequently under the noise floor of detection, with zero trust that's not going to be possible."

By 2027, Resnick said, the department will be better poised to prevent adversaries from attacking the DOD network and minimize damage if it does occur.

"The target level of zero trust is going to be that ability to contain the adversary, prevent their freedom of movement, from not only going laterally but being able to even see the network, to enumerate the network, and to even try to exploit the network," he said.

If later on more is needed, he said, the requirements for meeting the target level of compliance can be adjusted.

"Target will always remain that level to which we're seeing and stopping the adversary," he said. "And for the majority of the DOD, that's really our goal."

Social Media Feed

Twitter
At this year's @GovCIOMedia Fed Tech Leaders Summit, Hon. Davies took the stage for an engaging fireside chat with Sarah Sybert, Managing Editor of GovCIO Media & Research, sharing a bold, forward-looking vision for the future of military technology. Adding to the milestone, https://t.co/za4Cnf8w4Y
Twitter
Our adversaries are always probing our defenses and trying to exploit any weakness. we must defend at the speed of innovation. 🦅 At the NCIF conference, Acting Principal Deputy CIO Aaron Bishop explained why the @DeptofWar is embracing active defense powered by #AI to counter https://t.co/Z6a3USCppZ
Twitter
On the 82nd anniversary of the Normand landings, the DoW CIO salutes the brave American and allied men and women who freed the world from the grip of tyranny. https://t.co/iY4hr8aNQu
Twitter
Electric energy yesterday as the DoW CIO @DoWCIODavies spoke to a full room at the Gartner® Security & Risk Management Summit on June 3rd in National Harbor, MD, standing shoulder-to-shoulder with colleagues from across the @DeptofWar and interagency partners! Under the https://t.co/TO825Sr8PK Electric energy yesterday as the DoW CIO @DoWCIODavies spoke to a full room at the Gartner® Security & Risk Management Summit on June 3rd in National Harbor, MD, standing shoulder-to-shoulder with colleagues from across the @DeptofWar and interagency partners! Under the https://t.co/TO825Sr8PK
Twitter
Amazing kickoff at #TechNetCyber! Honorable Davies opened the conference, delivering an inspiring address to a crowd of over 2,000 cyber, IT, and defense leaders. A special thank you to the @AFCEA team for organizing an outstanding event as we celebrate #America250. During her https://t.co/uQ03Sb0Bvv Amazing kickoff at #TechNetCyber! Honorable Davies opened the conference, delivering an inspiring address to a crowd of over 2,000 cyber, IT, and defense leaders. A special thank you to the @AFCEA team for organizing an outstanding event as we celebrate #America250. During her https://t.co/uQ03Sb0Bvv
Twitter
DoW CIO Kirsten Davies hosted Director General Tae Kon Kim, Defense Acquisition Program Administration (@dapapr) last week. Their meeting reaffirmed our two nations shared commitment to risk-based frameworks for defense technologies. @SecWar Hegseth has discussed the importance https://t.co/Lr3Sk394E5 DoW CIO Kirsten Davies hosted Director General Tae Kon Kim, Defense Acquisition Program Administration (@dapapr) last week. Their meeting reaffirmed our two nations shared commitment to risk-based frameworks for defense technologies. @SecWar Hegseth has discussed the importance https://t.co/Lr3Sk394E5
Twitter
The DoW is proud to see our cyber workforce mission recognized as Mr. Mark Gorak wins the 2026 @MeriTalk Powering Progress Award (Cyber Defender)! 🏆 Our people are our decisive edge. We are driving modernization by: ✔️ Focusing on demonstrated capabilities alongside academic https://t.co/PaX3eRxU7s The DoW is proud to see our cyber workforce mission recognized as Mr. Mark Gorak wins the 2026 @MeriTalk Powering Progress Award (Cyber Defender)! 🏆 Our people are our decisive edge. We are driving modernization by: ✔️ Focusing on demonstrated capabilities alongside academic https://t.co/PaX3eRxU7s
Twitter
The @DeptofWar is modernizing the Arsenal of Freedom with a $9.7B CETA contract with Dell Federal Systems for Microsoft services. 🦅 Delivering on @SecWar Hegseth’s mandate to reduce IT redundancies, this is not new spending. We are consolidating fragmented IT budgets into a https://t.co/LGWRSZxPZ1 The @DeptofWar is modernizing the Arsenal of Freedom with a $9.7B CETA contract with Dell Federal Systems for Microsoft services. 🦅 Delivering on @SecWar Hegseth’s mandate to reduce IT redundancies, this is not new spending. We are consolidating fragmented IT budgets into a https://t.co/LGWRSZxPZ1
Twitter
RT @DoWCIODavies: An incredible honor to remember and celebrate our fallen warriors and American heroes at today’s Memorial Day services at…
Twitter
Please join the @DeptofWar CIO this Memorial Day weekend 🇺🇸in pausing to honor and remember the brave men and women of our Armed Forces who made the ultimate sacrifice in service to our nation. As we proudly support those who defend our nation across every domain — land, sea, https://t.co/AvzFhLVoDg Please join the @DeptofWar CIO this Memorial Day weekend 🇺🇸in pausing to honor and remember the brave men and women of our Armed Forces who made the ultimate sacrifice in service to our nation. As we proudly support those who defend our nation across every domain — land, sea, https://t.co/AvzFhLVoDg
Twitter
Hon Kirsten Davies, @DeptofWar CIO, led the U.S. delegation to the @NATO Digital Policy Committee. This is a bi-annual meeting of the Allies to discuss IT and Cyber initiatives ranging from the Alliance’s cloud program to its approach to Cybersecurity. Reinforcing the importance https://t.co/cxJYwJBj2G Hon Kirsten Davies, @DeptofWar CIO, led the U.S. delegation to the @NATO Digital Policy Committee. This is a bi-annual meeting of the Allies to discuss IT and Cyber initiatives ranging from the Alliance’s cloud program to its approach to Cybersecurity. Reinforcing the importance https://t.co/cxJYwJBj2G
Twitter
Mr. Aaron Bishop, DoW CISO and acting Deputy CIO for Cybersecurity, spoke today at the @PotomacOfficers Club 2026 Cyber Summit to discuss key features of the @DeptofWar way ahead for IT and Cyber transformation with an the audience of GovCon leaders. Cybersecurity always will be https://t.co/AtJCqruNpg
Twitter
Happy Armed Forces Day! 🇺🇸🦅 250 years strong—and still standing watch. As we mark the 250th anniversary of the United States, we honor those who have defended our nation from its founding to today—serving across every branch of our Armed Forces: Army, Navy, Marine Corps, Coast https://t.co/LE4mlrrfa4 Happy Armed Forces Day! 🇺🇸🦅 250 years strong—and still standing watch. As we mark the 250th anniversary of the United States, we honor those who have defended our nation from its founding to today—serving across every branch of our Armed Forces: Army, Navy, Marine Corps, Coast https://t.co/LE4mlrrfa4
Twitter
The Honorable Kirsten Davies, thanked her Five Eyes CIO counterparts for their hard work and candid discussion last week as part of the Defense CIO Forum (#DCIOF) and Combined Digital Leadership Summit (#CDLS). “This was my first time leading the US delegation to the CDLS and I https://t.co/2N3iCSGBmp The Honorable Kirsten Davies, thanked her Five Eyes CIO counterparts for their hard work and candid discussion last week as part of the Defense CIO Forum (#DCIOF) and Combined Digital Leadership Summit (#CDLS). “This was my first time leading the US delegation to the CDLS and I https://t.co/2N3iCSGBmp
Twitter
The @DeptofWar successfully wrapped the Combined Digital Leadership Summit (#CDLS 26.1) last week. Together with our Five Eyes partners, we are accelerating joint digital warfighting capabilities and moving hashtag#ProjectArcadia into operational reality. The core mission: https://t.co/GZ690pibFA The @DeptofWar successfully wrapped the Combined Digital Leadership Summit (#CDLS 26.1) last week. Together with our Five Eyes partners, we are accelerating joint digital warfighting capabilities and moving hashtag#ProjectArcadia into operational reality. The core mission: https://t.co/GZ690pibFA
Twitter
The @DeptofWar CIO's Office is proud to announce our Workforce Innovation Directorate’s (WID) has been awarded the 2026 Government Information Technology Council’s Workforce Development Award! This award, presented by the Advanced Technology Academic Research Center (ATARC), https://t.co/5KXxjogR31 The @DeptofWar CIO's Office is proud to announce our Workforce Innovation Directorate’s (WID) has been awarded the 2026 Government Information Technology Council’s Workforce Development Award! This award, presented by the Advanced Technology Academic Research Center (ATARC), https://t.co/5KXxjogR31
Twitter
In a high-stakes environment, isolated data can cost us the tactical advantage. The @DeptofWar's business systems must communicate seamlessly to be effective. The new Business Enterprise Architecture (BEA) Guidebook is the master blueprint that makes this interoperability happen. https://t.co/hPl5Y8wRFU In a high-stakes environment, isolated data can cost us the tactical advantage. The @DeptofWar's business systems must communicate seamlessly to be effective. The new Business Enterprise Architecture (BEA) Guidebook is the master blueprint that makes this interoperability happen. https://t.co/hPl5Y8wRFU
Twitter
Pictured from left to right: Brandon Cross and Holly Yuan, University of Wisconsin-Stout; Brian Scavotto, North Carolina A&T; and Amith Kamath Belman, San Jose State University
Twitter
Congrats to the ASCEND Challenge winners announced at the NCAE-C Symposium! 🏆 The @DeptofWar Office of the CIO commends Holly Yuan & Brandon Cross (UW-Stout), Brian Scavotto (NC A&T), and Amith Kamath Belman (SJSU). Your groundbreaking AI & cyber frameworks are forging the next https://t.co/DHiTiTP0f3 Congrats to the ASCEND Challenge winners announced at the NCAE-C Symposium! 🏆 The @DeptofWar Office of the CIO commends Holly Yuan & Brandon Cross (UW-Stout), Brian Scavotto (NC A&T), and Amith Kamath Belman (SJSU). Your groundbreaking AI & cyber frameworks are forging the next https://t.co/DHiTiTP0f3
Twitter
The @DeptofWar CIO, Hon @DoWCIODavies, is excited to highlight the Cyber Academic Engagement Office (#CAEO) Community Exchange “Listening Room” at this year’s Center for Academic Excellence (CAE) in Cybersecurity Symposium in Pittsburgh, PA. Over the past week, this space https://t.co/E2yir592XM The @DeptofWar CIO, Hon @DoWCIODavies, is excited to highlight the Cyber Academic Engagement Office (#CAEO) Community Exchange “Listening Room” at this year’s Center for Academic Excellence (CAE) in Cybersecurity Symposium in Pittsburgh, PA. Over the past week, this space https://t.co/E2yir592XM
X
7,332
Follow Us