The White House’s Office of Management and Budget has recently released the Federal Strategy for Moving the U.S. Government Toward Zero Trust Cybersecurity Principles. Adopting a “zero trust” model means moving toward a cyber architecture where “no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access.” The zero trust strategy works to further the mission laid out in President Biden’s Executive Order on Improving the Nation’s Cybersecurity.
The strategy emphasizes on achieving a zero trust model by aligning its goals with the 5 pillars developed by the Cybersecurity and Infrastructure Security Agency (CISA):
- Identity: Agency staff use enterprise-managed identities to access the applications they use in their work. Phishing-resistant MFA [multi-factor authentication] protects those personnel from sophisticated online attacks.
- Devices: The Federal Government has a complete inventory of every device it operates and authorizes for Government use, and can prevent, detect, and respond to incidents on those devices.
- Networks: Agencies encrypt all DNS [Domain Name System] requests and HTTP [Hypertext Transfer Protocol] traffic within their environment, and begin executing a plan to break down their perimeters into isolated environments.
- Applications and Workloads: Agencies treat all applications as internet-connected, routinely subject their applications to rigorous empirical testing, and welcome external vulnerability reports.
- Data: Agencies are on a clear, shared path to deploy protections that make use of thorough data categorization. Agencies are taking advantage of cloud security services to monitor access to their sensitive data, and have implemented enterprise-wide logging and information sharing.
For each pillar, the strategy describes the overall vision, and outlines the actions to be taken by Federal agencies to achieve this vision. The agencies are required to meet their zero trust security goals by the end of fiscal year 2024.
Please note: An HSDL login is required to view some of these resources.
Need help finding something? Ask one of our librarians for assistance!