Zero Trust: DoD Strategy

Zero Trust Strategy for the Department of Defense

The government can no longer depend only on traditional strategies and defenses to protect critical systems and data. Adoption of a Zero Trust mindset helps us assume attackers are already in our system. Given the cyber attacks the DoD faces on a continual basis, this is an easy and important assumption.

Mission:

Provide strategic guidance, direct alignment of efforts, and prioritize resources to accelerate Zero Trust adoption across the DoD.

Vision:

A DoD Information Enterprise secured by a fully-implemented, Department-wide Zero Trust cybersecurity framework

Goals:
  1. Zero Trust Cultural Adoption
    A Zero Trust security framework and mindset guide the design, development, integration, and deployment of information technology across the DoD Zero Trust Ecosystem
  2. DoD Information Systems Secured & Defended
    DoD cybersecurity practices incorporate and operationalize Zero Trust to achieve enterprise resilience in DoD information systems
  3. Technology Acceleration
    Zero Trust-based technologies deploy at a pace equal to or exceeding industry advancements
  4. Zero Trust Enablement
    DoD Zero Trust execution integrates with Department- and Component-level processes

Zero Trust Pillars

[Figure: the seven Zero Trust pillars under a Zero Trust arch, resting on a floor labeled 'DOTmLPF-P Execution Enablers'.]

  • User: Continually authenticate, access, and monitor user activity patterns to govern users' access and privileges while protecting and securing all interactions.
  • Devices: Understanding the health and status of devices informs risk decisions. Real time inspection, assessment and patching informs every access request.
  • Applications & Workloads: Secure everything from Applications to hypervisors, to include the protection of containers and virtual machines.
  • Data: Data transparency and visibility enabled and secured by enterprise infrastructure, applications, standards, robust end-to-end encryption, and data tagging.
  • Network & Environment: Segment, isolate, and control (physically and logically) the network environment and granular policy and access controls.
  • Automation & Orchestration: Automated security response based on defined processes and security policies enabled by AI, e.g., blocking actions or forcing remediation based on intelligent decisions.
  • Visibility & Analytics: Analyze events, activities, and behaviors to derive context and apply AI/ML to achieve a highly personalized model that improves detection and reaction time in making real-time access decisions.

  • Zero Trust Reference Architecture
  • Zero Trust Strategy
  • Zero Trust Memo