{"id":124726,"date":"2022-11-22T12:40:00","date_gmt":"2022-11-22T20:40:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=124726"},"modified":"2023-05-15T23:06:13","modified_gmt":"2023-05-16T06:06:13","slug":"microsoft-supports-the-dods-zero-trust-strategy","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/11\/22\/microsoft-supports-the-dods-zero-trust-strategy\/","title":{"rendered":"Microsoft supports the DoD’s Zero Trust strategy"},"content":{"rendered":"\n
The Department of Defense (DoD) released its formal Zero Trust strategy<\/a> today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state attacks that occur, according to the Microsoft Digital Defense Report 2022.1<\/sup><\/p>\n\n\n\n Microsoft applauds the DoD\u2019s ongoing efforts to modernize and innovate its approach to cybersecurity. The DoD released its initial Zero Trust reference architecture shortly before last year\u2019s White House executive order on cybersecurity2<\/sup> and quickly followed with Version 2.0 in July 2022.3<\/sup> The latest update provides crucial details for implementing the Zero Trust strategy, including clear guidance for the DoD and its vendors regarding 45 separate capabilities and 152 total activities. <\/p>\n\n\n\n While Zero Trust initiatives have been underway for years across various departments, this updated strategy seeks to unify efforts to achieve a strong, proven defensive posture against adversary tactics. Collaborating on Zero Trust<\/a> has been a challenge across the industry as it can be difficult to compare Zero Trust implementations across organizations and technology stacks. However, the level of detail found in the DoD’s strategy provides a vendor-agnostic, common lens to evaluate the maturity of a variety of existing and planned implementations that were derived from the DoD’s unique insights into cyberspace operations.<\/p>\n\n\n\n Furthermore, the DoD\u2019s shift from a compliance and controls-based approach to an outcomes-focused methodology\u2014meaning the job is done when the adversary stops, not just when the controls are in place\u2014stands out as a best practice not seen elsewhere to this extent.<\/p>\n\n\n\n Strong industry and public sector partnerships are at the heart of our approach, which is why Microsoft was invited by the DoD to discuss how its Zero Trust definitions would map to new and existing computing environments.<\/p>\n\n\n\n Microsoft is uniquely suited to support the DoD in its Zero Trust mission as both a leading cloud service provider to the government and a security company. Microsoft is recognized as a Leader in five Gartner\u00ae Magic Quadrant\u2122 reports4,5,6,7,8,9<\/sup> and seven Forrester Wave\u2122 categories,10,11,12,13,14,15,16<\/sup> representing a full array of fit-for-purpose security tools to achieve Zero Trust outcomes. These components are pre-integrated to provide a strong baseline and a fast path to comprehensive coverage across the DoD’s seven pillars and 45 capabilities of Zero Trust to achieve both target and advanced activities.<\/p>\n\n\n\n Beyond comprehensive coverage of the DoD\u2019s latest capabilities requirements, our strong baseline is further enhanced by an open ecosystem of more than 90 partner Zero Trust solutions from leading security companies that integrate directly with our platform. To name a few:<\/p>\n\n\n\n Lastly, Microsoft is deeply committed to promoting cyber resilience and strengthening our nation\u2019s cyber defenses. This responsibility is demonstrated by our work with the National Institute of Standards and Technology\u2019s (NIST\u2019s) National Cybersecurity Center of Excellence (NCCoE) to develop practical, interoperable Zero Trust approaches and architectures<\/a>, as well as our continued participation in the Joint Cyber Defense Collaborative<\/a> established by Cybersecurity & Infrastructure Security Agency (CISA).<\/p>\n\n\n\n Zero Trust philosophy is deeply rooted in lessons learned, and the DoD has embraced this aspect by evaluating ongoing pilots and assessments as a research and development activity. Over the past years, Microsoft has partnered with various departments across the DoD to accelerate Zero Trust adoption through several pilot and production implementations, providing agencies with a predictable path to achieving target objectives.<\/p>\n\n\n\n One such example is the United States Navy\u2019s innovative Flank Speed program<\/a>, which incorporates key federal and DoD efforts to protect nearly 500,000 identities and devices while improving user experience. The Navy\u2019s large-scale deployment\u2014encompassing components including continuous authorization, big data, and comply-to-connect (C2C)\u2014is already utilizing many of the Zero Trust activities put forth in the DoD\u2019s strategy.<\/p>\n\n\n\n Embrace proactive security with Zero Trust<\/a>.<\/p>\n\n\n\n For more deployment information, tools, and resources as we work together to improve our nation\u2019s cybersecurity, visit the Microsoft cybersecurity for government<\/a> page.<\/p>\n\n\n\n To learn more about Microsoft Security solutions, visit our website<\/a>. Bookmark the Security blog<\/a> to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity<\/a> for the latest news and updates on cybersecurity.<\/p>\n\n\n\nBuilding a secure foundation for Zero Trust together<\/h2>\n\n\n\n
Real-world pilots and implementations are driving continuous learning and improvement<\/h2>\n\n\n\n
Learn more<\/h2>\n\n\n\n