DoD
The US Department of Defense's Office of the Chief Information Officer (CIO) is responsible for all matters related to the DoD information enterprise. This includes cybersecurity, communications, information systems, and more. The DoD CIO's library of resources related to the information enterprise can be found here. Among the publications in the CIO's digital library are the DoD's Zero Trust Reference Architecture and the DoD's Zero Trust Strategy.
Zero Trust Strategy
DoD's zero trust strategy provides guidance for "advancing Zero Trust concept development, gap analysis, requirements development, implementation, execution decision-making, and ultimately procurement and deployment of required ZT capabilities and activities." The strategy provides guidance for the design of a zero trust architecture.
At a high level, the DoD ZT strategy has 4 goals:
- Zero Trust cultural adoption
- Securing and defending information systems
- Technology acceleration
- Zero Trust enablement
The document explains how it will realize these goals and objectives.
Similar to CISA, DoD makes use of an organizing construct of seven pillars, each of which it associates with capabilities.
Zero Trust Reference Architecture
DoD's ZT strategy provides guidance for the design of a ZT architecture.
Accordingly, the DoD's ZT Reference Architecture (RA) provides more granular information, albeit still at a high level, on implementing ZT in an enterprise environment. It provides useful schematic comparisons of traditional, perimeter-based network designs versus optimal, zero-trust-based ones.