The Pentagon will begin reviewing its Zero-Trust cybersecurity strategy implementation plans in the coming weeks.
Director of the zero trust portfolio management office Randy Resnick will lead the assessment after receiving blueprints from each US military component next month.
“So next month, we’re getting their plans… [from] not only military services but all the different components,” Breaking Defense quoted Pentagon chief information officer John Sherman as saying.
“So I’d suspect each of the components — matter of fact I know they are — are taking a little bit different path to get there. So that’s a very important milestone coming out here next month to get these plans and start to assess them.”
The Zero-Trust Approach
The Department of Defense intends to build a comprehensive cybersecurity framework underpinned by Zero-Trust principles.
The approach presupposes a network to be perpetually at risk of breach or already breached, necessitating continuous validation of users and devices.
It focuses on the seven pillars: user, device, application, data, network, automation, and audit.
“This ‘never trust, always verify’ mindset requires us to take responsibility for the security of our devices, applications, assets, and services; users are granted access to only the data they need and when needed,” according to the strategy.
“We all must play a role in combating our adversaries by acting quickly and correctly to address security threats wherever and whenever they arise.”
The Road Ahead
The defense department outlined that a minimum of 91 activities are required to achieve the “targeted” level of Zero-Trust by fiscal 2027.
“An additional 61 activities outlined in the strategy will get the Pentagon to a more ‘advanced’ level of zero trust later,” according to Breaking Defense.