The SIEM & XDR Imperative: Powering Zero Trust with Intelligent Automation, AI/ML, and Analytics
September 16, 2025
Shifting Security Left: Integrating Security into the SDLC with a DevSecOps Factory
September 23, 2025A Guide to All 91 Target Level Zero Trust Activities
For federal agencies, the mandate to implement a Zero Trust architecture is clear, but the path from strategy to execution remains a significant hurdle. While the “what” and “why” of Zero Trust may be understood, translating to a set of solutions is a complex challenge.
For over 15 years, we at Federal Resources Corporation (FRC) have been dedicated to helping the U.S. Government modernize its technology and achieve its cybersecurity goals. As a Value-Added Reseller, we hold a unique vantage point, seeing both how federal agencies approach implementation and how technology manufacturers position their products to meet these objectives
We have channeled that experience to demystify the 91 Zero Trust activities required to meet the Department of Defense (DoD) Target Level of Zero Trust. The DoD has established two distinct maturity levels for implementing its Zero Trust cybersecurity model:
- Target Level: involves implementing 91 specific activities by fiscal year 2027
- Advanced Level: An additional 61 activities with a target achievement by 2032
Our articles are built on extensive research of foundational zero trust documents, including the DoD Zero Trust Strategy and Roadmap and NIST Special Publications, combined with practical insights gathered from our work with agency leaders and technology partners.
The DoD Zero Trust Architecture is organized around seven foundational pillars. The table below describes these pillars, their key activities, and their benefits. Each pillar’s title links to a page with detailed articles for every Target Level Activity within that pillar
| Pillar | What It Covers | Key Activities & Benefits |
| User | Ensuring that every identity (user or service) is verified; strong authentication, authorization, and behavior-based access policies. | Reduces risk of compromised credentials; enables least privilege; supports multi-factor authentication, identity proofing, role-based access control. |
| Device | Validates the health, compliance, and trustworthiness of devices accessing resources. | Ensures only secure, non-compromised devices can connect; device posture checks; compliance scanning; endpoint protections. |
| Application & Workload | Protecting applications and workloads, whether on-premise, cloud, or hybrid. Includes securing how software is developed, deployed, and maintained. | Helps prevent vulnerabilities; applies secure development lifecycles; ensures least privilege; minimizes attack surfaces. |
| Data | Safeguarding sensitive data throughout its lifecycle: classification, encryption, governance, access controls. | Protects confidentiality and integrity; enables controlled sharing; ensures compliance with data protection regulations (e.g. for mission-critical, sensitive, or regulated data). |
| Network & Environment | Segmentation, context-aware traffic controls, limiting lateral movement. Network architecture that supports Zero Trust principles. | Makes it harder for attackers to move laterally, contains breaches, uses micro-segmentation, perimeter reductions, and employs least-privilege networking. |
| Automation & Orchestration | Using automated tools, workflows, and policy enforcement mechanisms to scale and sustain Zero Trust. | Consistency, repeatability, faster reaction to threats, policy drift reduction, more efficient operations. |
| Visibility & Analytics | Monitoring behavior across users, devices, network; detecting anomalies; feeding metrics and telemetry into decisions. | Enables detection of threats; supports risk assessment; continuous improvement and dynamic policy adaptation. |
How FRC’s Articles on Zero Trust Activities Help Public Sector Agencies
For public sector organizations (federal, state, local, or other agencies) seeking to mature in their Zero Trust Architecture, FRC’s Activities articles are a useful resource in several ways:
- Structured Guidance Aligned With Federal Requirements
The articles don’t just present high-level theory; they map activities explicitly to DoD and broader federal guidance. That means agencies can see how what FRC proposes helps satisfy mandates and compliance frameworks. This helps in planning, audits, budget justification, and aligning with executive orders on cybersecurity. - Plain Language Explanation
Each article provides a clear description of each activity’s purpose, goals, and desired outcomes. This helps ensure that all stakeholders have a consistent, common understanding of each activity. - Actionable Implementation Guidance
The articles provide solutions covering the necessary processes, technology categories, and relevant tools to achieve the Activity’s objective(s). - Key Considerations for Technical Buyers
We provide insights for procurement and technical teams to ensure chosen solutions support long-term compatibility and scalability. - Free Consultation Offer
For agencies unsure where they are in maturity, or which pillar to tackle first, FRC offers a free Zero Trust consultation. This lowers the barrier to entry, enabling agencies to get an expert assessment without a big upfront commitment.
FRC’s “Zero Trust Activities” offers a solid, actionable framework for public sector agencies to better understand the 91 Activities needed for the DoD Target Level of a Zero Trust Architecture.
