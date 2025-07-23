The Department of Defense anticipates more than half of the planned measures identified in its zero-trust strategy will be implemented by fiscal year 2027.

According to the zero-trust roadmap the DOD released in November 2022, to receive system and resource access, organizations will require users and nonuser entities to authenticate using at least two attributes.

The proposed options include something a user knows (such as a user ID and password), an item in the user’s possession (a physical card or token) and an inherent method, commonly a biometric, that represents who the user is (such as an iris scan or face recognition).

Given the risk that phishing and other cyberattacks present, passwords alone won’t provide enough protection, says James Stanger, chief technology evangelist at CompTIA.

“The federal government — the military specifically — gets attacked a lot by systems going after identity management,” Stanger says. “There’s no magic bullet, but two-factor authentication is about as close as you can get to one.”

