DISA issues zero-trust architecture guide
The Defense Information Systems Agency is laying the foundation for next-generation cybersecurity with the release of the initial Department of Defense Zero Trust Reference Architecture. The framework is designed to reduce DOD’s attack surface and ensure that if a device, network or user is compromised, the damage is quickly contained.
“The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access,” the document states. “It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction.”
The reference architecture describes seven zero-trust pillars -- user, device, network/environment, application and workload, data, visibility and analytics and automation and orchestration -- and outlines the zero-trust capabilities aligned with each. The capabilities for the device pillar, for example, include identifying, authenticating, authorizing, inventorying, isolating, securing, remediating and controlling all devices. The architecture also outlines the technical, legal regulatory and procedural standards that apply to each pillar.
The standards forecast section details how the technology-related, operational or business standards are mapped to each pillar’s capabilities and whether those standards are emerging, active, mandated or retired. Additional sections describe the dependencies between planned capabilities, mapping between capabilities required and the activities and services that enable those capabilities.
“The intent and focus of zero trust frameworks is to design architectures and systems to assume breach, thus limiting the blast radius and exposure of malicious activity,” DISA Security Enablers Portfolio Chief Engineer Brandon Iske said in a statement.
The framework will evolve as requirements, technology and best practices mature, DISA said.
Connect with the GCN staff on Twitter @GCNtech.