Zero Trust, Proven: DoD’s Security Breakthroughs

 

 

Original broadcast 6/1/25

Presented by Maximus

A landmark cybersecurity achievement is unfolding inside the U.S. Department of Defense. On this week’s Fed Gov Today, Randy Resnick, Director of the DoD Zero Trust Program Management Office, reveals that three independently validated Zero Trust solutions are now available to DoD organizations — a feat once thought impossible by many across government and industry.

“When we started,” Resnick explains, “nobody really knew how to define Zero Trust (ZT), how to implement it, or how to evaluate success.” The mission of his portfolio office was clear: develop foundational requirements, establish a goal line for ZT, and pave a reliable path for implementation.

One of the first systems to rise to the challenge was DISA’s Thunderdome. Comprising over 30 integrated vendor tools, Thunderdome has been independently validated to meet all 152 outcome activities required for “advanced” Zero Trust. This system is now a ready-to-deploy solution for any DoD organization—not just DISA.

But as Resnick explains, adopting Zero Trust is not as simple as plugging in a new toolset. Agencies must first decide where to install the system, then migrate users, applications, and data. More critically, they must implement network segmentation, microsegmentation, and rules-based access policies that explicitly define who can access what — when, where, and how. Unlike traditional models where access is granted unless explicitly denied, Zero Trust flips the paradigm: everything is denied unless explicitly allowed.

In addition to Thunderdome, two other solutions have now passed the rigorous independent assessment process:

  1. Flank Speed, developed by the U.S. Navy, is a Microsoft-based Zero Trust environment using Azure and other tools. It achieved “advanced” status and is now available to all DoD components.

  2. Fort Zero, developed by Dell, reached the “target” level of Zero Trust maturity and is likewise deployable across the department.

Each solution offers a distinct pathway to ZT compliance, with flexibility based on mission needs and existing infrastructure. Agencies may choose to deploy one or more solutions based on geographic spread, functional requirements, or security zones.

Resnick shares that the DoD’s pipeline includes 10 more solutions under evaluation in FY25. Based on current performance trends, 2–3 additional solutions are expected to pass, bringing the total validated options to potentially five or six by the end of the fiscal year. This rapid progress underscores the portfolio office’s core objective: to accelerate Zero Trust adoption through validated, lower-risk turnkey systems.

He concludes by contrasting past DoD practices with today’s strategy. “We used to rely on agencies to integrate cybersecurity tools themselves—and we’re just not good at integration.” These new ZT solutions, he explains, significantly lower the risk of failure and offer a more reliable route to securing DoD networks against global adversaries.

Key Takeaways:

  • 3 Zero Trust solutions are now independently validated for use: Thunderdome, Flank Speed, and Fort Zero.

  • Agencies must still implement segmentation, access rules, and user/data migration.

  • Up to 10 more solutions will be evaluated by end of FY25 — several are expected to succeed.