Defense Department Releases Zero Trust Strategy

On Nov. 22, the U.S. Department of Defense released their Zero Trust Strategy, a new approach to countering cyberattacks. The new framework employs a “‘never trust, always verify’” mindset, deviating from the Defense Department’s previously used perimeter defense model. The strategy is prompted by the “rapid growth” of offensive cyber threats and aims to fully implement the department-wide model by fiscal year 2027.

Following the strategy’s release, all Defense Department components are required to “adopt and integrate Zero Trust capabilities, technologies, solutions, and processes across their architectures, systems, and within their budget and execution plans” and to integrate this mindset into their training processes. The document urges every member of the the department, “regardless of whether they work in technology or cybersecurity or the Human Resource department,” to develop a “Zero Trust Solution Architecture[]” using the guidelines in the strategy, including the four major strategic goals: zero trust cultural adoption, Defense Department information systems secured and defended, technology acceleration, and zero trust enablement.

You can read the strategy here or below.