Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state attacks that occur, according to the Microsoft Digital Defense Report 2022.1

Microsoft applauds the DoD’s ongoing efforts to modernize and innovate its approach to cybersecurity. The DoD released its initial Zero Trust reference architecture shortly before last year’s White House executive order on cybersecurity2 and quickly followed with Version 2.0 in July 2022.3 The latest update provides crucial details for implementing the Zero Trust strategy, including clear guidance for the DoD and its vendors regarding 45 separate capabilities and 152 total activities. 

While Zero Trust initiatives have been underway for years across various departments, this updated strategy seeks to unify efforts to achieve a strong, proven defensive posture against adversary tactics. Collaborating on Zero Trust has been a challenge across the industry as it can be difficult to compare Zero Trust implementations across organizations and technology stacks. However, the level of detail found in the DoD’s strategy provides a vendor-agnostic, common lens to evaluate the maturity of a variety of existing and planned implementations that were derived from the DoD’s unique insights into cyberspace operations.

Furthermore, the DoD’s shift from a compliance and controls-based approach to an outcomes-focused methodology—meaning the job is done when the adversary stops, not just when the controls are in

Read more

Explore the site

More from the blog

Latest News