
Zero Trust by 2027? That’s the Plan for the DoD


On November 22, 2022, the Department of Defense released its Zero Trust Strategy and Roadmap. The DoD intends to implement the distinct Zero Trust capabilities and activities outlined in the strategy and associated Roadmap by FY27.

The strategy envisions a DoD Information Enterprise secured by a fully implemented, Department-wide Zero Trust cybersecurity framework that will reduce the attack surface, enable risk management and effective data-sharing in partnership environments, and quickly contain and remediate adversary activities.

The strategy outlines four high-level and integrated strategic goals that define what the Department will do to achieve its vision for ZT:

  • Zero Trust Cultural Adoption – All DoD personnel are aware, understand, are trained, and committed to a Zero Trust mindset and culture and support integration of ZT.
  • DoD Information Systems Secured and Defended – Cybersecurity practices incorporate and operationalize Zero Trust in new and legacy systems.
  • Technology Acceleration – Technologies deploy at a pace equal to or exceeding industry advancements.
  • Zero Trust Enablement – Department- and Component-level processes, policies, and funding are synchronized with Zero Trust principles and approaches.

A large part of Zero Trust's success will require comprehensive cloud security measures to be in place.

The strategy, according to David McKeown, the DoD’s acting Chief Information Officer for Cybersecurity, took a year to develop. He noted that “With the publication of this strategy we have articulated the ‘how’ that can address clear outcomes of how to get to zero trust — and not only accelerated technology adoption, as discussed but also a culture of zero trust at DOD and an integrated approach at the department and the component levels.”

The move away from perimeter-based defenses to zero trust is a bold one indeed. Regardless, every entity within the DoD apparatus must adopt it, according to DoD CIO John Sherman. Lastly, according to Randy Resnick, the director of the Zero Trust Portfolio Management Office, “DOD zero trust target level is deemed to be the required minimum set of zero trust capability outcomes and activities necessary to secure and protect the department’s data, applications, assets, and services, to manage risks from all cyber threats to the Department of Defense.”

About Arlington


We are Arlington, a team of innovative, solution-oriented, highly agile, and well-versed professionals with decades of experience in working with America’s defense industry. From emerging cybersecurity regulations to helping our clients solve complex security & compliance solutions – and so much more – you can trust Arlington, the firm that’s Dedicated to Defense®.  Learn more at arlingtonintel.com.