22 Novembre 2022

Microsoft supports the DoD’s Zero Trust strategy

The Department of Defense (DoD) released its formal Zero Trust strategy today, marking a major milestone in its goal of achieving enterprise-wide implementation by 2027. The strategy comes at a critical time as United States government networks continue to face nearly half the global nation-state attacks that occur, according to the Microsoft Digital Defense Report 2022.1

Microsoft applauds the DoD’s ongoing efforts to modernize and innovate its approach to cybersecurity. The DoD released its initial Zero Trust reference architecture shortly before last year’s White House executive order on cybersecurity2 and quickly followed with Version 2.0 in July 2022.3 The latest update provides crucial details for implementing the Zero Trust strategy, including clear guidance for the DoD and its vendors regarding 45 separate capabilities and 152 total activities. 

While Zero Trust initiatives have been underway for years across various departments, this updated strategy seeks to unify efforts to achieve a strong, proven defensive posture against adversary tactics. Collaborating on Zero Trust has been a challenge across the industry as it can be difficult to compare Zero Trust implementations across organizations and technology stacks. However, the level of detail found in the DoD’s strategy provides a vendor-agnostic, common lens to evaluate the maturity of a variety of existing and planned implementations that were derived from the DoD’s unique insights into cyberspace operations.

Furthermore, the DoD’s shift from a compliance and controls-based approach to an outcomes-focused methodology—meaning the job is done when the adversary stops, not just when the controls are in place—stands out as a best practice not seen elsewhere to this extent.

Building a secure foundation for Zero Trust together

Strong industry and public sector partnerships are at the heart of our approach, which is why Microsoft was invited by the DoD to discuss how its Zero Trust definitions would map to new and existing computing environments.

Microsoft is uniquely suited to support the DoD in its Zero Trust mission as both a leading cloud service provider to the government and a security company. Microsoft is recognized as a Leader in five Gartner® Magic Quadrant™ reports4,5,6,7,8,9 and seven Forrester Wave™ categories,10,11,12,13,14,15,16 representing a full array of fit-for-purpose security tools to achieve Zero Trust outcomes. These components are pre-integrated to provide a strong baseline and a fast path to comprehensive coverage across the DoD’s seven pillars and 45 capabilities of Zero Trust to achieve both target and advanced activities.

Beyond comprehensive coverage of the DoD’s latest capabilities requirements, our strong baseline is further enhanced by an open ecosystem of more than 90 partner Zero Trust solutions from leading security companies that integrate directly with our platform. To name a few:

  • Tenable and Microsoft are working together to integrate Tenable.io with Microsoft Defender for Cloud and Microsoft Sentinel solutions to support vulnerability assessments for hybrid cloud workloads.
  • Yubico and Microsoft recently announced the release of certificate-based authentication (CBA) for Microsoft Azure Active Directory on Windows, iOS, and Android devices through a hardware security key known as YubiKey to fight against phishing attacks.
  • Conquest Cyber launched the ARMED™ Platform built on Microsoft Sentinel to help agencies configure and manage solutions to address cyber risk with real-time visibility of their posture, guided by compliance, maturity, and effectiveness.

Lastly, Microsoft is deeply committed to promoting cyber resilience and strengthening our nation’s cyber defenses. This responsibility is demonstrated by our work with the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to develop practical, interoperable Zero Trust approaches and architectures, as well as our continued participation in the Joint Cyber Defense Collaborative established by Cybersecurity & Infrastructure Security Agency (CISA).

Real-world pilots and implementations are driving continuous learning and improvement

Zero Trust philosophy is deeply rooted in lessons learned, and the DoD has embraced this aspect by evaluating ongoing pilots and assessments as a research and development activity. Over the past years, Microsoft has partnered with various departments across the DoD to accelerate Zero Trust adoption through several pilot and production implementations, providing agencies with a predictable path to achieving target objectives.

One such example is the United States Navy’s innovative Flank Speed program, which incorporates key federal and DoD efforts to protect nearly 500,000 identities and devices while improving user experience. The Navy’s large-scale deployment—encompassing components including continuous authorization, big data, and comply-to-connect (C2C)—is already utilizing many of the Zero Trust activities put forth in the DoD’s strategy.

Learn more

Embrace proactive security with Zero Trust.

For more deployment information, tools, and resources as we work together to improve our nation’s cybersecurity, visit the Microsoft cybersecurity for government page.

To learn more about Microsoft Security solutions, visit our website. Bookmark the Security blog to keep up with our expert coverage on security matters. Also, follow us at @MSFTSecurity for the latest news and updates on cybersecurity.