// PILLAR 02 OF 07 — DoD ZERO TRUST ARCHITECTURE

💻 DEVICE

Every endpoint is an attack vector. Device health, compliance posture, and real-time integrity verification must gate all access — before a single packet is authorized onto the network.

// Core Requirements — What Must Be Implemented

// Operational Principle

The device is not the perimeter — it is a variable in the trust equation. A device that was healthy at 0800 may be compromised by 1400 and must be treated accordingly without waiting for the next login.
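The following is an added example (not part of the original page, and not any vendor's code) of what "re-evaluating the device on every request, not at login" looks like as policy logic. It assumes three hypothetical posture sources (an EDR verdict, an MDM compliance result, and a TPM attestation result), each delivered as a timestamped signal, and a constructed timeline for a made-up device: every source reports healthy hourly from 0800, then the EDR reports a compromise at 1400. Access is decided per request from the freshest signal of each source, and a signal that is missing or older than the freshness window fails closed rather than being trusted.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta


@dataclass(frozen=True)
class PostureSignal:
    source: str            # hypothetical source names: "edr", "mdm", "tpm_attestation"
    healthy: bool          # did the source judge the device healthy at that time?
    observed_at: datetime  # when the source last evaluated the device


# Policy parameters (assumed values for this example).
MAX_SIGNAL_AGE = timedelta(hours=1)                  # older than this -> unknown -> deny
REQUIRED_SOURCES = ("edr", "mdm", "tpm_attestation")  # every source must be fresh and healthy


def at(hour, minute=0):
    """Constructed timestamp on a fixed sample day."""
    return datetime(2024, 1, 15, hour, minute)


# Constructed sample timeline: all sources healthy hourly from 0800 to 1300,
# then at 1400 the EDR reports compromise while MDM and TPM attestation still pass.
SAMPLE_SIGNALS = [
    PostureSignal(src, True, at(h)) for h in range(8, 14) for src in REQUIRED_SOURCES
] + [
    PostureSignal("edr", False, at(14)),
    PostureSignal("mdm", True, at(14)),
    PostureSignal("tpm_attestation", True, at(14)),
]


def latest_by_source(signals):
    """Keep only the most recent signal seen from each source."""
    latest = {}
    for sig in signals:
        if sig.source not in latest or sig.observed_at > latest[sig.source].observed_at:
            latest[sig.source] = sig
    return latest


def evaluate_access(signals, now):
    """Decide a single access request at time `now`; returns (allowed, reason).

    Only signals observed at or before `now` are considered, so the same
    signal log yields different decisions as the day progresses.
    """
    latest = latest_by_source(s for s in signals if s.observed_at <= now)
    for source in REQUIRED_SOURCES:
        sig = latest.get(source)
        if sig is None:
            return False, f"no {source} signal"
        if now - sig.observed_at > MAX_SIGNAL_AGE:
            return False, f"{source} signal stale ({sig.observed_at:%H%M})"
        if not sig.healthy:
            return False, f"{source} reports unhealthy ({sig.observed_at:%H%M})"
    return True, "all posture signals fresh and healthy"


if __name__ == "__main__":
    # The same device, evaluated at four points in the day: the 0800 decision
    # never carries over; the 1400 EDR verdict denies the very next request.
    for when in (at(8, 5), at(13, 30), at(14, 5), at(16, 0)):
        allowed, reason = evaluate_access(SAMPLE_SIGNALS, when)
        print(f"{when:%H%M}: {'ALLOW' if allowed else 'DENY '} ({reason})")
```

The design choice worth noting is the fail-closed handling of missing and stale signals: a device whose EDR agent has gone quiet for longer than the freshness window is treated as unknown, not as still healthy, which is the behaviour a policy engine needs if a compromised device's agent is disabled.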

// Hardware — Endpoint Security Appliances

Hardware: Trusted Platform Module (TPM) 2.0
Vendor: Industry Standard
Hardware root of trust embedded in endpoint devices. Provides cryptographic attestation of device integrity for ZT posture verification. Required on all new DoD-procured hardware.

Hardware: Imprivata Cortext Secure Badge Reader
Vendor: Imprivata
Physical access control hardware integrated with logical access for zero-trust physical/cyber convergence in DoD facilities.

Hardware: Cisco Secure Network Analytics (Stealthwatch) Appliance
Vendor: Cisco
Network traffic analysis hardware appliance for east-west traffic visibility and device behavioral analysis.

Hardware: IoT Security Gateway (Armis / Claroty Sensors)
Vendor: Armis / Claroty
Passive network sensors for OT/IoT device discovery and profiling without requiring agents on legacy operational technology.

// Software, Platforms & Cloud Services

Software / Platform: CrowdStrike Falcon (EDR/XDR)
Vendor: CrowdStrike
Market-leading EDR with AI-based threat detection, device posture assessment, and ZT integration via the CrowdStrike Falcon Zero Trust Assessment (ZTA) score.

Software / Platform: Microsoft Defender for Endpoint
Vendor: Microsoft
Integrated EDR for Windows/macOS/Linux. Native Intune integration for device compliance signaling to Entra Conditional Access policies.

Software / Platform: Microsoft Intune (MDM/UEM)
Vendor: Microsoft
DoD-used MDM platform for policy enforcement, compliance assessment, and device health signal delivery to the ZT policy engine.

Software / Platform: JAMF Pro
Vendor: JAMF
Enterprise MDM for Apple devices in DoD and federal environments. DISA STIG configuration profiles, compliance enforcement, and ZT integration.

Software / Platform: Tanium (Asset & Compliance)
Vendor: Tanium
Real-time endpoint visibility and compliance platform. Provides authoritative asset inventory and patch status assessment across 100,000+ endpoints in seconds.

Software / Platform: Axonius Cybersecurity Asset Management
Vendor: Axonius
Aggregates device data from 800+ sources to provide an authoritative, real-time hardware/software inventory for ZT policy decisions.

Software / Platform: Tenable.io / Nessus (Vulnerability Assessment)
Vendor: Tenable
Continuous vulnerability scanning and DISA STIG compliance assessment. Required for DoD IATT/ATO processes and ZT device posture scoring.

// Standards, Frameworks & Compliance Alignment

EDR: CrowdStrike / Defender
MDM/UEM: Intune / JAMF
Asset: Tanium / Axonius
Standard: NIST SP 800-70
Compliance: DISA STIG Benchmarks

DoD Compliance Note: All hardware and software solutions referenced on this page must be evaluated against the DISA Approved Products List (APL) or obtain an Authority to Operate (ATO) through RMF before deployment in DoD environments. FIPS 140-2 or 140-3 validated cryptographic modules are required for any solution handling classified or CUI data. Solutions referencing DoD environments have been noted where DISA APL listings exist as of this publication.

// ZTNSS Assessment for This Pillar

John’s Zero Trust Readiness Assessment evaluates your Device Pillar maturity against all applicable DoD ZT Target Level activities using a structured, evidence-based scoring methodology. The assessment identifies specific capability gaps, maps them to DoD activity numbers, and produces a sequenced remediation roadmap prioritized by risk exposure and operational impact.

John’s 24-year operational background at USSOCOM and SOCCENT means this assessment is grounded in environments where the adversaries are nation-state level, the stakes are operational, and compliance checkboxes are not a substitute for actual security.


GET YOUR ZT READINESS SCORE.

30 minutes. Mission-first guidance from someone who built and defended these architectures at USSOCOM.