DoD Cybersecurity Reference Architecture Version 5.0
Department of Defense (DoD) (2023)
The Cybersecurity Reference Architecture (CSRA) is a reference framework intended to be used by the DoD to guide the modernization of cybersecurity as required in Section 3 of E.O. 14028, Improving the Nation’s Cybersecurity, and Section 1 of the National Security Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems (NSM-8). The CSRA will advance Defense business systems, DoD national security systems (NSS), and DoD critical infrastructure / key resources (CIKR) – including DoD information technology (IT) and DoD operational technology (OT) – through an evolution to integrate Zero Trust (ZT) principles. This evolution is necessary to modernize cybersecurity through adoption of Zero Trust Architecture (ZTA). The CSRA is a threat-informed product, drawing on the integration of intelligence products and threat-based cybersecurity assessments (e.g., the DoD Cybersecurity Analysis Review (DODCAR)).
The purpose of the CSRA is to establish characteristics for cybersecurity architecture in the form of principles, fundamental components, capabilities, and design patterns to address threats that exist both inside and outside traditional network boundaries. Alignment of the CSRA to other reference architectures (RAs) and solution architectures must include existing command and control (C2) orders and directives. The alignment of C2 and the CSRA will improve cyberspace survivability and enhance resiliency in operations and warfighter support to achieve integrated deterrence.