The U.S. Department of Defense is preparing itself to publish a zero-trust strategy in the coming days. The motive behind this act is to achieve a new level of cybersecurity since cyber threat groups are advancing their methods of targeting primary firms constantly.
Following the announcement, Pentagon Chief Information Officer John Sherman reported on Monday that he gave his approval to the new plan last Thursday and it is now going through the public review process. He also added that the documents will be out very soon.
The department previously had reported that the framework of the new look of cybersecurity would be unveiled in September and seeks to put the Defense Department on a path to reach what’s referred to as a “targeted” level of security by the year 2027.
David McKeown, deputy chief information officer for cybersecurity, said at the Billington Cybersecurity Summit, “We have a definition of what it takes to check the box and fulfill that particular capability. Those 90 capabilities are going to get us to what we’re calling targeted zero trust.”
The framework is being prepared on the seven pillars of zero trust and comprises more than 100 activities including applications, automation, and analytics, to keep critical data secure.
The Pentagon has increasingly been focusing on a zero-trust framework because it assumes a network is always at risk of being exposed to threats and it is a necessity that all users should be authenticated and authorized.
“A key tenet of a zero trust architecture is that no network is implicitly considered trusted — a principle that may be at odds with some agencies’ current approach to securing networks and associated systems and all traffic must be encrypted and authenticated as soon as practicable,” according to the memorandum. “A couple are at the 90% level for meeting those targeted zero trust capabilities. So we’re really excited about that, that we have those three offerings. The fact that we’re pointing to the cloud continues our strategy overall in the department to increase our cloud utilization and it also furthers the federal government’s goal of increasing cloud utilization.”
The department also explained that the framework includes three methods to target zero trust goals which include uplifting each service and agency’s current environment to satisfy the 90 capabilities and implementing a zero trust cloud on-premises that meets the highest level of zero trust.