(FiveNation.com) - The Department of Defense is adopting the zero trust (ZT) network principle, which seeks to maintain operations of defense networks even under constant attack.
Zero trust requires that all endpoints on a network be authenticated, authorized, and constantly monitored in order to have access to applications or data.
According to the Pentagon’s chief information officer, John Sherman, the DoD hopes to have zero trust deployed throughout the Pentagon by 2027. To do that, the Pentagon will have to deploy the necessary techniques and tools for continually monitoring, authenticating, and validating endpoints.
Currently, the Pentagon has a program called Comply-to-Connect that provides the tools needed to pursue a zero trust strategy.
According to the Defense Information Security Agency, the Comply-to-Connect program establishes a framework of techniques and tools to “discover, identify, characterize, and report on all devices connecting to the network.”
Under Comply-to-Connect, users and devices have to prove their legitimacy before being able to operate on the Pentagon’s networks.
The program is set to be fully implemented on the Defense Department’s Non-classified Internet Protocol Router Network by June of next year. It will then be implemented on the Secret Internet Protocol Router Network by March 2024. Both the US Marine Corps and Navy have implemented Comply-to-Connect as well.
The Department of Defense will also need to establish a Risk Management Framework (RMF) to determine the responsibilities for implementing its security program and the metrics to determine its effectiveness.