The Department of Defense’s Office of the Chief Information Officer has published a comprehensive document to guide the department’s zero trust journey.
Titled “Zero Trust Overlays,” the 400-page document is intended to offer an additional asset for those responsible for zero trust implementation across the department, the DOD said Tuesday.
“The zero trust overlays are another tool in the department’s toolbox supporting components’ execution by providing clear guidance on which controls facilitate specific zero trust activities and outcomes,” explained David McKeown, deputy CIO for cybersecurity and chief information security officer at the Pentagon.
McKeown will speak at the Potomac Officers Club’s 2024 Cyber Summit on Thursday.
The zero trust overlays grew out of earlier strategies such as the DOD Zero Trust Reference Architecture and the DOD Zero Trust Capability Roadmap, which identified seven pillars of zero trust: user; device; applications and workload; data; network and environment; automation and orchestration; and visibility and analytics.
They are intended to supplement baseline security controls laid out in the Risk Management Framework with more precise instructions for modifications relevant to the process of zero trust implementation.
In 2022, the department set a goal of implementing zero trust by 2027, but McKeown recently said that officials may move that deadline forward.