The Department of Defense (DoD) is on track to meet its 2027 zero trust cybersecurity framework goal, top Pentagon officials said this week.
In 2022, DoD released its zero trust strategy and roadmap outlining how the agency plans to fully implement a department-wide zero trust cybersecurity framework by fiscal year (FY) 2027. The department laid out high-level goals — cultural adoption, security and defense of DoD information systems, technology acceleration, and zero trust enablement — to achieve that zero trust vision.
Since then, the department has been on a laser-focused path to reach its 2027 zero trust goal, said David McKeown, DoD deputy chief information officer, during a virtual two-day Zero Trust Symposium hosted by the Defense Acquisition University.
“Zero trust integration offers the most robust and reliable approach to cybersecurity, ensuring that our systems are resilient against evolving threats, while safeguarding our nation’s interests,” McKeown said.
“As the DoD’s lead for zero trust, we have made great progress,” he said, detailing several actions taken by the department to make this effort a reality.
The most significant action are the reviews and approval of zero trust implementation plans from all DoD components last month. The department received and approved zero trust implementation plans from all 41 of its components, inching closer to its goal of implementing a zero trust architecture across the entire department by 2027. Version 2.0 of the implementation plans are due to DoD in October.
In addition, the department has also taken several steps to align resources and capabilities at the component level and to work with industry to build solutions towards a department-wide zero trust architecture.
“It is not just a program, or a new application, zero trust is an evolution of our entire security landscape,” McKeown said. “By embracing it, we not only protect our data, but we strengthen our defenses and preserve our way of life.”
Speaking at the same event, DoD CIO John Sherman explained during his keynote speech that implementing the framework has been an “absolute top priority” for the department.
“If you look at our funding, and if you look at our cyber investments we’re making and the time we’re spending, zero trust is first and foremost among what we’re doing,” Sherman said.
When Sherman first announced DoD’s intention to implement a department-wide zero trust architecture he acknowledged that the plan was ambitious, but “what once seemed unachievable just a few years ago is now becoming a reality,” he said.