Connect with us

Hi, what are you looking for?

Cyber Security

DISA Releases Initial Zero Trust Reference Architecture

The architecture will help the military “maintain information superiority on the digital battlefield,” according to the press release.

The Defense Information Systems Agency finished the initial version of its zero-trust reference architecture for cybersecurity, according to a May 13 press release

Zero trust is a cybersecurity paradigm that calls for a data-focused, rather than network and perimeter-based, approach—and though the concept has been gaining steam in government, an executive order released May 12 specifically directs agencies to implement it. Then-DISA Director Vice Adm. Nancy Norton originally announced in July that DISA would release a zero-trust reference architecture for the Defense Department. 

“The intent and focus of zero-trust frameworks is to design architectures and systems to assume breach, thus limiting the blast radius and exposure of malicious activity,” Brandon Iske, DISA Security Enablers Portfolio chief engineer, said in the release. 

A public version of the architecture was posted online this week, and Joe Brinker, DISA Security Enablers Portfolio manager, told Nextgov in an email the document is meant to be “dynamic,” with an updated version is already under development and expected later this year.

While zero trust does rely on some technologies like identity and credential access management, officials emphasize that it’s not something that can simply be bought and turned on. Rather, it’s a strategy—a mindset change. 

The press release highlighted zero trust’s foundational principles: never trust, always verify; assume breach; and verify explicitly and said the architecture will help “the U.S. military maintain information superiority on the digital battlefield.”

DISA’s architecture comes after more than a year of widespread telework along with several significant systems breaches—most recently the Colonial Pipeline hack—have raised concerns with existing cybersecurity practices. Recent guidance from the National Security Agency said zero-trust environments create more opportunities for detecting novel threats.

NSA is one of the agencies DISA worked with on the reference architecture. It also partnered with U.S. Cyber Command and the DOD chief information officer, according to the release. 

DOD already has some pockets of zero trust activity. For example, Platform One and Cloud One, two Air Force programs, are fully architected for zero trust. And the Air Force chief information officer said the service is working on zero trust for its Office 365 implementation

“Moving forward, DISA will continue to partner with DoD components in planning the implementation of ZT across the department and the development of ZT-aligned enterprise capabilities,” Brinker said in the release.

Brinker added over email that formal implementation planning for zero trust is still underway, but that DISA views “ZT adoption as a continuous evolution” where fundamental concepts like identity management, Security Technical Implementation Guides and patching can be adopted ahead of formal guidance.

Source: https://www.nextgov.com/cybersecurity/2021/05/disa-releases-initial-zero-trust-reference-architecture/174050/

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

You May Also Like

Cyber Security

A top Defense Department official described the private sector as “absolutely essential” in implementing the agency’s new cyber strategy. A top Defense Department official...

Cyber Security

The agency is utilizing a relaunched cybersecurity coordination center and additional programs to significantly ramp up interactions with key partners, a top official said....

Cyber Security

The nation’s cyber defense agency is building onto White House efforts to secure schools’ systems nationwide with the help of major education software companies....

Cyber Security

A new report says a cyber threat actor within Russia’s military intelligence service leveraged a novel malware campaign targeting Android devices used by the...

Copyright © 2023 Newsworthy News | Global | Political | Local | All News | Website By: Top Search SEO