An official website of the United States government
A .mil website belongs to an official U.S. Department of Defense organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .mil website. Share sensitive information only on official, secure websites.

Report | April 29, 2025

Audit of the DoD’s Compliance with the FY 2022 National Defense Authorization Act’s Requirements Concerning Zero Trust (Report No. DODIG-2025-090)

Audit

The objective of this audit was to determine whether the DoD complied with FY 2022 National Defense Authorization Act (NDAA) requirements to develop the DoD Zero Trust (ZT) strategy, principles, architecture, and implementation plans.

ZT is a network cybersecurity model based on the premise that users and devices should never be automatically or implicitly trusted, whether operating inside or outside an organization’s network perimeter. The FY 2022 NDAA directed the DoD Chief Information Officer (CIO) and the Commander, U.S. Cyber Command, to develop the DoD’s ZT strategy, principles, and architecture across the DoD Information Network, including classified networks, operational technology, infrastructures, and weapon systems. The FY 2022 NDAA also required DoD Components to submit ZT implementation plans to the DoD CIO and the Commander of the Joint Forces Headquarters-Department of Defense Information Network no later than 1 year after the finalization of the ZT strategy.