The Defense Information Systems Agency (DISA) is well prepared to meet the Department of Defense’s (DoD) 2027 zero trust architecture goal, officials said on Nov. 7 at a DISA press conference.
The agency has several initiatives underway and some tools already in place that meet the pillars and capabilities set out in the DoD’s zero trust architecture goal, said Brian Hermann, the director of DISA’s Cyber Security and Analytics Directorate.
DoD Chief Information Officer (CIO) John Sherman first announced the ambitious goal in August, saying that DoD planned to implement a zero trust architecture across the entire department by 2027. Sherman signed off on the written strategy last Thursday, and the strategy is currently under final classification reviews and is expected to be released soon.
Lt. Gen. Robert Skinner, DISA director and commander of the Joint Force Headquarters at the DoD Information Network, explained that the zero trust strategy from DoD is different from its previous zero trust framework. The strategy outlines seven pillars and evolving levels of maturity for each.
The strategy also includes three methods to get after DoD’s targeted zero trust goals. Those include uplifting each service and agency’s current environment to satisfy some 90 capabilities, and implementing a zero trust cloud on-premise that meets the highest level of zero trust.
“We’re well on our way to meeting that goal,” Hermann said. “For example, in some areas, we already have capabilities that allow us to understand everything about a device – whether it’s on a trusted network, patched properly – and help us determine if we should put our trust in that device.”
DISA has also adopted identity, credential, and access management (ICAM) capabilities into its network to control “which individuals are accessing our networks and what are their credentials,” he added.
“Those capabilities are there and growing. With ICAM, the department started primarily focusing on financial applications because we were trying to resolve some audit findings. But now we’ve opened the floodgates and allow every application owner to be able to take that on,” Hermann said.
But while Hermann feels confident that the agency has the tools in place to meet the department’s 2027 zero trust goal, he acknowledged that the agency faces a challenge in getting application owners to adopt those tools.
Officials also agreed that while DoD’s zero trust goal is undeniably ambitious, it justifies the work that DISA has underway and continues to foster innovation and creativity.
“It’s an ambitious goal, but that ambition drives innovation,” said Skinner.
“This [goal] will enable us to focus on the pillars and frameworks and how to achieve them. I think we’re going to get there. And when we do, we will be so much further along than today, and it gives me a lot of confidence in our ability to be resilient and ready for the future,” he said.