14
Figure 4. DoD Zero Trust Strategy Goals and Objectives
1. Zero Trust Cultural Adoption
A Zero Trust security framework and
mindset that guides the design,
development, integration, and
deployment of information technology
across the DoD Zero Trust Ecosystem
2. DoD Information Systems
Secured & Defended
DoD cybersecurity practices incorporate
and operationalize Zero Trust to
achieve enterprise resilience in DoD
information systems*
3. Technology Acceleration
Zero Trust-based technologies deploy at
a pace equal to or exceeding industry
advancements to remain ahead of the
changing threat environment
DoD Zero Trust execution integrates
with Department-level and Component-
level processes resulting in seamless
and coordinated ZT execution
1.1 Commitment. Transform DoD
cybersecurity to a ZT framework
that is universally understood,
accepted, and embraced by DoD
Components Start: FY2023
4.2 Planning. Incorporate ZT
requirements into DoD-wide and
Component-specific strategies,
policies, frameworks, and
directives, and contracts by end of
FY2023 and next iteration through
FY 2027
4.3 Programming. Align DoD Future
Years Defense Program (FYDP) to
adequately support execution of
the ZT Implementation Roadmap by
FY2023 and updated iteratively
4.1 Policy. Establish a unified policy
and other guidance to integrate the
latest tested and proven
cybersecurity best practices,
standardize management of
requirements, and share best
practices by end of FY2023 and
refine iteratively through FY2027
4.4 Funding. Resource through the
FYDP process the ZT capabilities,
technologies, and initiatives by end
of FY2027
4.5 Acquisition. Develop a plan to
acquire and deploy solutions and
technologies that advance ZT by
early FY2023 and refine iteratively
through FY2027
4.6 Performance. Measure ZT
capability deployment and maturity
through key performance indicators
and associated metrics to monitor
and advance ZT execution through
4.7 Zero Trust PfMO. Mature the ZT
PfMO by end of FY2023 to act as a
trusted partner for orchestrating ZT
across the DoD IE and to provide
strategic oversight, execution
direction, and resource priorities to
accelerate ZT adoption
comprehensive ZT outreach
initiative to inform and share data
from ZT efforts and to define
standards, minimize duplications,
emphasize successes, and to
facilitate an open exchange of
information sharing with DoD,
federal, and academia partners by
end of FY2023, and iteratively
updated through FY2027
1.3 Awareness. Implement internal
and external communication
campaigns at all levels, including
with the DIB and foreign allies as
appropriate, to include
Department-wide advocacy,
awareness, and support for the
implementation of the DoD ZT
strategy goals and objectives by end
of FY2023, and iteratively updated
1.4 Workforce. Identify and develop
a cadre of ZT professionals by end
of FY2025
1.5 Training. Embed ZT training
across DoD Components, related
workforce requirements, and
certification standards by end of
FY2024
2.1 User. Secure, limit, and enforce
strong authentication of person and
2.2 Device. Identify, inventory,
authorize, authenticate, and patch
all devices continuously and in real-
2.3 Applications & Workloads.
Secure all applications and
workloads, to include the
protection of containers and virtual
2.4 Data. Enable and secure data
transparency and visibility with
enterprise infrastructure,
applications, standards, robust
end-to-end encryption, and data
tagging
2.5 Network & Environment.
Segment (both logically and
physically), isolate, and control the
network/environment (on-
premises and off-premises) with
granular access and policy
restrictions
2.6 Automation & Orchestration.
Automate manual security and
other applicable processes to take
policy-based actions across the
enterprise with speed and at scale
2.7 Visibility & Analytics. Analyze
events, activities, and behaviors to
derive context and apply AI/ML to
achieve models that improve
detection and reaction time in
making real-time access decisions
3.1 Capabilities. Achieve intended
outcomes for ZT capabilities aligned
with planned increments as
described in the DoD ZT Capability
Implementation Roadmap through
end of FY2027
3.2 Architecture: Align, update, and
maintain agile-based reference
architectures and research,
development, and engineering
efforts with ZT architecture
principles by end of FY2023
3.3 Interoperability. Ensure the
compatibility and integration of
established institutionalized
standards, leverage assets and
knowledge, and ensure
compatibility between DoD
information systems and across the
DoD IE by end of FY2024
3.4 Ideation / Innovation. Vet, scale
and amplify emerging practices,
concepts, and technologies through
pilots and fast-fail, employing best
practices and lessons learned, on-
going through FY2027
*Note: See the ZT Capability
Roadmap for timeline to achieve
objectives in this Goal