1 00:00:02,529 --> 00:00:05,110 Hello , I'm Les , co director for the 2 00:00:05,119 --> 00:00:07,130 Department of Defense's Zero Trust 3 00:00:07,139 --> 00:00:09,619 Portfolio Management Office referred to 4 00:00:09,630 --> 00:00:12,680 frequently as the ZTPFMO . I'm here 5 00:00:12,689 --> 00:00:14,649 today with a good news story . The 6 00:00:14,659 --> 00:00:16,881 Department of Defense has just released 7 00:00:16,881 --> 00:00:18,969 something critical for accelerating 8 00:00:18,979 --> 00:00:21,040 zero trust to better protect our it 9 00:00:21,049 --> 00:00:23,090 infrastructure . These are the zero 10 00:00:23,100 --> 00:00:25,379 trust overlays for those of you not 11 00:00:25,389 --> 00:00:28,139 familiar with the concept zero trust or 12 00:00:28,149 --> 00:00:31,204 ZT is a methodology for control access 13 00:00:31,215 --> 00:00:33,525 to critical data on our systems , 14 00:00:33,534 --> 00:00:35,865 preventing unauthorized entry and 15 00:00:35,875 --> 00:00:38,064 halting lateral movement within our 16 00:00:38,075 --> 00:00:40,775 networks . It's like having locks , not 17 00:00:40,784 --> 00:00:43,014 just on the external front door , back 18 00:00:43,025 --> 00:00:45,465 door windows , but on all your doors , 19 00:00:45,474 --> 00:00:47,645 outside and inside . So once the 20 00:00:47,654 --> 00:00:49,876 intruder gets in your home , they still 21 00:00:49,876 --> 00:00:51,710 can't go anywhere unless they're 22 00:00:51,710 --> 00:00:53,710 authenticated to move from one room 23 00:00:53,710 --> 00:00:56,025 into the other room and your valuables . 24 00:00:56,034 --> 00:00:57,978 We keep those under lock and key . 25 00:00:57,978 --> 00:01:00,201 Always . The department has been facing 26 00:01:00,201 --> 00:01:02,423 difficulties in implementing zero trust 27 00:01:02,423 --> 00:01:04,830 due to current procedures that rarely 28 00:01:04,839 --> 00:01:07,360 focus on cyber outcomes . The ZT 29 00:01:07,370 --> 00:01:09,919 overlays correct this by mapping the 30 00:01:09,930 --> 00:01:13,900 nist 853 common security controls 31 00:01:13,910 --> 00:01:16,239 to ZT activities . Effectively 32 00:01:16,250 --> 00:01:18,360 answering the question of how do I 33 00:01:18,370 --> 00:01:21,550 satisfy ZT outcomes ? The dod 34 00:01:21,569 --> 00:01:24,430 Cio has taken action and developed a 35 00:01:24,541 --> 00:01:26,430 document which describes in great 36 00:01:26,430 --> 00:01:28,622 detail how to apply those security 37 00:01:28,632 --> 00:01:31,001 controls across the dod to meet both 38 00:01:31,012 --> 00:01:33,431 target and advanced level ZT 39 00:01:33,442 --> 00:01:36,582 requirements . This is vital as it's 40 00:01:36,592 --> 00:01:38,703 the first time the department has had 41 00:01:38,703 --> 00:01:41,402 the ability to one standardize how we 42 00:01:41,412 --> 00:01:43,222 implement ZT across the defense 43 00:01:43,232 --> 00:01:46,071 enterprise . Two describe a phased 44 00:01:46,082 --> 00:01:48,082 approach to implement zero trust 45 00:01:48,092 --> 00:01:51,433 controls and three develop a ZT gap 46 00:01:51,444 --> 00:01:53,723 analysis for system architects and 47 00:01:53,734 --> 00:01:56,204 authorization officials . Now don't be 48 00:01:56,213 --> 00:01:59,403 concerned ZT overlays are not a source 49 00:01:59,414 --> 00:02:01,723 of extra workload . Instead , they 50 00:02:01,734 --> 00:02:03,567 provide system owners with clear 51 00:02:03,567 --> 00:02:06,124 guidance on which controls facilitate 52 00:02:06,134 --> 00:02:09,003 specific ZT activities and their 53 00:02:09,014 --> 00:02:11,304 accompanying outcomes . And what 54 00:02:11,333 --> 00:02:14,003 hierarchical level they are at be at 55 00:02:14,014 --> 00:02:17,496 the dod enterprise dod component down 56 00:02:17,505 --> 00:02:20,365 to the enclave or your individual 57 00:02:20,376 --> 00:02:22,805 system . The good news here is that the 58 00:02:22,815 --> 00:02:24,886 system owners are likely already 59 00:02:24,895 --> 00:02:26,925 implementing most of those security 60 00:02:26,936 --> 00:02:29,546 controls , map to the ZT activities and 61 00:02:29,555 --> 00:02:31,222 their accompanying outcomes . 62 00:02:31,222 --> 00:02:33,826 Nevertheless , they may need to modify 63 00:02:33,835 --> 00:02:36,246 their systems implementation to align 64 00:02:36,255 --> 00:02:39,095 with the new ZT approaches , the tools , 65 00:02:39,106 --> 00:02:42,880 technologies and solutions . The ZT 66 00:02:42,889 --> 00:02:45,169 overlay documents can now be found on 67 00:02:45,179 --> 00:02:48,690 the Dod Cio S library website and we 68 00:02:48,699 --> 00:02:50,755 invite you to leverage this document 69 00:02:50,755 --> 00:02:53,179 guidance as you implement target and 70 00:02:53,190 --> 00:02:55,190 advanced level ZT within the dod 71 00:02:55,199 --> 00:02:58,380 enterprise . Thank you for your 72 00:02:58,389 --> 00:02:59,460 continued support .