Department of Defense Zero Trust Strategy

The Department of Defense (DoD) Zero Trust Strategy and Roadmap is a comprehensive approach to cybersecurity that assumes no user, network, or system is inherently trusted. The strategy envisions a DoD Information Enterprise secured by a fully implemented, Department-wide Zero Trust cybersecurity framework that will reduce the attack surface, enable risk management and effective data-sharing in partnership environments, and quickly contain and remediate adversary activities.

To ensure a consistent approach, the DoD implements Zero Trust under a framework of seven Zero Trust pillars and their supporting elements. These pillars form the foundational framework for the DoD Zero Trust Security Model and Architecture:

1. User
2. Device
3. Applications and workloads
4. Data
5. Network
6. Automation and orchestration
7. Visibility and analytics

The Zero Trust security model relies on dynamic policies encompassing authentication assurance, ongoing verification of user and endpoint identities, and applications/services and their respective assets. Each pillar's capabilities must synergize to safeguard this model's central data pillar.

The data pillar is crucial in this strategy, focusing on securing the most valuable asset: the data itself. Virtru's data-centric security platform and applications align most directly with this pillar, providing robust protection for sensitive information throughout its lifecycle.

This document provides guidance and recommendations on how the Virtru Data Security Platform can help achieve key elements of the DoD Zero Trust Strategy. While the Virtru Data Security Platform aligns to helping meet the DOD Zero Trust Strategy's data pillar requirements, it also enhances security across multiple pillars, including User, Device, Network, Automation and Orchestration, and Visibility and Analytics.