White House advocates for zero trust

Sept 9 – In the US, the federal government is advocating for federal agencies to adopt zero-trust cyber security architectures. New guidance from the Office of Management and Budget emerged earlier this week. On Tuesday, the Biden administration released several documents for public comment.

Key elements: Federal zero trust strategy

  • Consolidating agency identity systems
  • Combatting phishing through strong multifactor authentication
  • Treating internal networks as untrusted
  • Encrypting traffic
  • Moving protections closer to data via application security

Cyber security executive order

In May, the Biden administration issued an executive order mandating that federal groups bolster cyber security. Specific security methods and tools mentioned in the mandate include multi-factor authentication, encryption and zero trust.

Zero trust models enable identity access management. As a result, organizations can verify a user's legitimacy and provide appropriate privileges. Organizations can evaluate access regularly and can ensure that users only access specific segments of the network.

Federal experts, zero trust

Federal Chief Information Officer Clare Martorana asserts, “Never trust, always verify.” She also says, “With today’s zero trust announcement, we are clearly driving home the message to federal agencies that they should not automatically trust anything inside or outside of their perimeters.”

The latest Office of Management and Budget guidelines mean that federal agencies now have new recommendations to fold into their cyber security plans.

Also this week, CISA shared a new Zero Trust Maturity Model, or ZTMM. Although the maturity model was not specifically required by the executive order, security leaders proceeded with the guidance in order to help federal organizations migrate to zero trust more efficiently. Director of CISA, Jen Easterly, states that the new maturity model represents one of the only tools developed to assist the government in improving its cyber security posture.

In summary

Federal chief information security officer Chris DeRusha notes that the federal government’s approach to cyber security must continue to evolve in order to keep pace with adversaries. Moreover, DeRusha states, “We welcome feedback on how we can refine this strategy to best advance federal cybersecurity.”
