What is Zero Trust?
Zero Trust (ZT) is an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. ZT is not a capability or device you buy, rather it is a security framework, an architectural approach, and a methodology to prevent malicious actors from accessing our most critical assets and reducing existing attack surfaces. This security framework and mindset guides the design, development, integration, and deployment of information technology across the DoD Cyber Ecosystem. The concept of trusted networks, devices and endpoints geared towards perimeter-based defenses will shift toward a “never implicitly trust, always verify” approach. Network cybersecurity must be focused on the practice of continually verifying the identity, authorization, and authentication of data, users, and devices at all times.
Zero Trust Goal: Prevent data breaches and protect Data, Applications, Assets, and Services (DAAS).
Everyone has a role to play. This mindset should begin with assuming a hostile environment and presuming that a breach has already occurred.
We all must play a role in combating our adversaries by acting quickly and correctly to address security threats wherever and whenever they arise” and that's where Zero Trust comes in.
—DoD Zero Trust Strategy, Hon. John Sherman
For more information, contact [email protected].