Cybersecurity priorities at DoD to follow "zero-trust" strategyNews
November 28, 2022
WASHINGTON. The U.S. Department of Defense (DoD) unveiled a cybersecurity plan and roadmap that lays out a zero-trust strategy that will guide DoD agencies in their cybersecurity investments and efforts in the coming years to reach a certain level of zero-trust maturity over the next five years
The Pentagon aims to counter a “rapid growth” in offensive cyber threats by shifting away from a perimeter defense model to a “never trust, always verify” mindset, DoD chief information officer John Sherman wrote in the foreword to the strategy, as reported in a DoD news release.
The strategy lays out four strategic goals: adoption of a zero-trust culture, securing and defending DoD information systems, technology acceleration, and zero-trust enablement. It also includes 45 separate capabilities organized around seven main areas including users, devices, networks and environments, applications and workloads, and data. Some of the initially targeted capabilities in the next few years will be user inventories, federated identity-credential and access-management solutions, endpoint detection and response tools, and software-defined networking.
In its announcement, the DoD said it expects to achieve the “target” level goals by fiscal 2027.