Zero Trust (ZT) potentially transforms DoD Cybersecurity. ZT is a cybersecurity strategy wherein security policy is applied based on context established through least-privileged access controls and strict user authentication—not assumed trust. Programs implementing ZT need awareness of three logical components (described in National Institute of Standards and Technology (NIST) SP 800-207): the Policy Engine (PE), Policy Administrator (PA), and Policy Enforcement Points (PEP). The PE fuses information sources like: network and endpoint configurations; data tagging; user analytics; access control; and policy orchestration. The PE makes risk-based access decisions based on device, asset status, and environmental factors. It determines when access becomes an unacceptable risk. NIST SP 800-207 "Zero Trust Architecture" describes the PE as "the brain and the PE's trust algorithm as its primary thought process."
A robust ZT implementation can lead to better user experience and improved cyberthreat defense. Understanding the PEP is critical for enabling automation and orchestration in ZT implementations. This session helps program offices implement their ZT strategy, starting with the PEP. It establishes a framework for ZT implementation and discusses additional PEP training/resources. Our ultimate ZT goals are mission assurance and dynamic network maneuver.
Join David Voelker to better understand the DoD’s zero trust strategy and successful implementation of a critical enabling ZT capability