Tuesday, November 11, 2025
Tuesday, November 11, 2025
The Defense Department official leading a zero-trust implementation initiative across the enterprise says his office will come out with a new strategy to guide the effort, which could come as soon as December.
“At the end of the year -- I'm hoping December, January -- we'll come out with a new zero-trust strategy. We’re calling it ‘Version 2.0,’” Randy Resnick, director of the DOD’s zero-trust portfolio management office, told attendees at the annual Billington Cybersecurity Summit today.
It would mark the first update since 2022, when the Pentagon’s zero-trust strategy was first published. That guidance set expectations for full implementation and adoption of zero-trust principles for information technology systems by the end of fiscal year 2027.
Resnick’s office has a different update coming even sooner, though -- he's expecting to roll out guidance on zero-trust applications for operational technology by the end of October.
“So probably six weeks-ish, we’re going to be coming out with what we call a ‘fan chart’ on secure ZT for operational technology,” Resnick said.
That comes nearly five months after Resnick first hinted at the effort to expand zero-trust implementation to operational technology used across the department, during an April symposium on DOD zero-trust adoption.
That guidance on zero trust for operational technology will also play a part in the overall Version 2.0 strategy coming out later, which Resnick called “essentially a global update.”
“It’s been many years since [2022]. We’ve learned a lot for zero trust for IT. We’ll include zero trust for OT and just bring everything modernized and up to date and make it more focused,” he said.