The objective of this audit was to determine whether the DoD complied with FY 2022 National Defense Authorization Act (NDAA) requirements to develop the DoD Zero Trust (ZT) strategy, principles, architecture, and implementation plans.
ZT is a network cybersecurity model based on the premise that users and devices should never be automatically or implicitly trusted, whether operating inside or outside an organization’s network perimeter. The FY 2022 NDAA directed the DoD Chief Information Officer (CIO) and the Commander, U.S. Cyber Command, to develop the DoD’s ZT strategy, principles, and architecture across the DoD Information Network, including classified networks, operational technology, infrastructures, and weapon systems. The FY 2022 NDAA also required DoD Components to submit ZT implementation plans to the DoD CIO and the Commander of the Joint Forces Headquarters-Department of Defense Information Network no later than 1 year after the finalization of the ZT strategy.