An official website of the United States government
Here's how you know
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Home : JKO : Latest News : JKO Customer Spotlights

Joint Knowledge Online - JKO

 

JOINT KNOWLEDGE ONLINE
Help Desk 757-203-5654 - js.jko.helpdesk@mail.mil
 

Moving the U.S. Government Toward Zero Trust Cybersecurity Principles


By Joint Knowledge Online | November 30, 2022

The Zero Trust Awareness course is now available on JKO as the Department of Defense (DOD) rolls out its new Zero Trust Strategy.

 

The first in a series of training courses designed to facilitate this movement begins with general awareness of Zero Trust for all audiences across the DOD enterprise.  Three additional one-hour courses, tailored for specific audiences, including executives and information technology professionals, will follow. These courses are being provided by the Chief Information Officer’s Zero Trust Portfolio Management Office (ZT PfMO), in collaboration with Defense Acquisition University (DAU). 

 

Zero Trust course now available on JKO.

 

Zero Trust Architecture was introduced as a federal government requirement by May 2021 Executive Order 14028 Improving the Nation’s Cybersecurity as necessary means to bolster national cybersecurity.  The DOD Zero Trust Strategy now calls for implementation of Zero Trust along with the considerable cultural change necessary to embrace and execute Zero Trust Architecture principles beginning in FY2023 and continuing throughout the next five years and beyond.

 

“It really challenges the Department of Defense and anybody going to Zero Trust that it really is a fundamental shift in the culture itself,” said Randy Resnick, director of the DOD Zero Trust Portfolio Management Office.

 

Zero Trust is a set of principles essentially based on the assumption that our computing environment is already compromised.  As described in the DOD Zero Trust Reference Architecture, “The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction.”

 

The core principle of the DOD Zero Trust strategy is a paradigm shift from what some have called “trust but verify” and perimeter security to “never trust, always verify.” A Zero Trust strategy for data protection is essential because it allows enterprises to no longer offer implicit trust to users, network locations, and devices. Instead, all data access requests are considered hostile, regardless of whether they come from within or outside an organization. Zero Trust allows users and devices to safely access data, apps, and resources, by ensuring continuous authentication, authorization, and regular validation.

 

By validating the identity of users non-stop, continuous authentication works as the main component of “never trust, always verify,” which is the foundation of a Zero Trust architecture. 

 

Zero trust is a cross-cutting concept not bound by one specific technology.  It is a challenge across DOD doctrine, organization, training, materiel, leadership and education, personnel, facilities, and policy.  The initial Zero Trust Awareness course and associated relevant training, tailored to specific audiences, will be a critical component for implementing Zero Trust across the DOD.

 

Joint Knowledge Online - Joint Staff J-7
Suffolk Complex 116 Lakeview Parkway, Suffolk VA 23435
757-203-5654 - ​js.jko.helpdesk@mail.mil