The U.S. Office of Management and Budget (OMB) released a national strategy to move the government towards a zero-trust security model for better cybersecurity outcomes. The strategy is part of delivering on President Biden’s Executive Order on Improving the Nation’s Cybersecurity, which is intended to boost the security of the nation’s critical digital infrastructure against rising cyberattacks.
The agency opined that increasingly sophisticated cyber threats cannot be mitigated with conventional perimeter-based defenses. Citing the Log4j vulnerability as the latest evidence, OMB stated that adversaries continue to find new gateways to penetrate targeted systems.
The Zero-Trust Security Model
A zero-trust security model is an approach to designing a cybersecurity architecture based on the “never trust, always verify” concept. OMB stated that the zero-trust strategy allows organizations to detect, isolate, and respond to different types of cyber risks. It will serve as a roadmap for shifting the Federal government to a new cybersecurity model.
OMB’s new federal zero-trust strategy envisions a Federal government where:
- Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining protected from even targeted, sophisticated phishing attacks.
- The devices that Federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
- Agency systems are isolated, and the network traffic flowing between and within them is reliably encrypted.
- Enterprise applications are tested internally and externally and can be made available to staff securely over the internet.
- National security and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information.
“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal government’s cyber defenses. This zero-trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the U.S. harm,” said Acting OMB Director Shalanda Young.
“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public. Federal agency CIOs and IT leaders are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public,” said Federal Chief Information Officer Clare Martorana.