Department of Defense (DoD) Zero Trust Reference Architecture

This framework is designed to embed security principles throughout the Information Enterprise (IE) to prevent, detect, respond to, and recover from malicious cyber activities. The traditional notion of trusted or untrusted networks, devices, personas, or processes is eliminated and replaced with multi-attribute-based confidence levels that drive authentication and authorization policies founded on the principle of least privileged access.

Implementing ZT requires designing a consolidated and more efficient architecture without impeding operations; this minimizes uncertainty in enforcing accurate, least privilege, per-request access decisions in information systems and services that are treated as already compromised. The focus of ZT is not only on traditional network or perimeter security, but also on protecting critical data and resources by applying continuous multi-factor authentication, micro-segmentation, encryption, endpoint security, automation, analytics, and robust auditing to Data, Applications, Assets, and Services (DAAS).
