The Office of Management and Budget (OMB) released a Federal Zero Trust Strategy to push federal agencies’ networks and systems toward a zero-trust security architecture. The Cybersecurity and Infrastructure Security Agency (CISA) also released its Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model to guide U.S. government agencies in boosting their cybersecurity posture.
OMB’s zero-trust strategy requires organizations to take the following actions:
- Consolidating agency identity systems
- Combatting phishing through strong multifactor authentication
- Treating internal networks as untrusted and encrypting traffic
- Moving protections closer to data by strengthening application security
The initiatives from OMB and CISA are designed to provide government agencies with the roadmap and resources required to implement a zero-trust model. OMB and CISA requested feedback from the public on the zero-trust strategy drafts and technical guidance to enhance enterprise security across the federal government. Interested civilians can provide their input at zerotrust.cyber.gov. While OMB accepts public comments until September 21, 2021, CISA’s comment period will run until October 1, 2021.
Improving Nation’s Cybersecurity
All three newly proposed documents were released in support of the Executive Order recently signed by President Biden to improve the nation’s cybersecurity. The Biden administration and tech giants such as Google, Microsoft, Apple, and IBM have come together to discuss ways to enhance the security of technology and address the rising cyberthreat landscape in the U.S.
“The goal is to provide agencies with guidance on the shared risk model for cloud service adoption, how to build a cloud environment, and how to monitor such an environment through robust cloud security posture management,” the White House said.
Commenting on the latest initiative, Clare Martorana, Federal Chief Information Officer, said, “Never trust, always verify. With today’s zero trust announcement, we are driving home the message to federal agencies that they should not automatically trust anything inside or outside of their perimeters. They must verify anything and everything trying to connect to their systems before granting access. This is an expectation in a modern technology environment, and we look forward to this public comment process to make our strategy even stronger.”