
OMB issues zero-trust strategy for federal agencies


Through a memo issued by the Office of Management and Budget (OMB), the Biden administration released a 30-page strategy to move the U.S. government toward a zero trust approach to cybersecurity. The strategy “represents a key step forward” in delivering on the president’s sweeping May executive order (EO) on cybersecurity, which contains a directive for federal government agencies to develop a plan to advance toward a zero trust architecture.

A hot buzz phrase in the cybersecurity world, zero trust is a model premised on the notion of “never trust, always verify.” The executive order defines zero trust as a security concept that “eliminates implicit trust in any one element, node, or service and instead requires continuous verification of the operational picture via real-time information from multiple sources to determine access and other system responses.” OMB says that a “key tenet of a zero trust architecture is that no network is implicitly considered trusted.”

The latest step in a series of zero trust actions

The administration has already taken several steps under the executive order to position the federal government to adopt zero trust. President Biden’s executive order required agencies to develop their plans for implementing zero trust architectures.

Last September, the administration released three documents that more fully flesh out zero trust under the EO. First, the OMB released a draft for public comment on the steps government agencies can take to implement zero trust. The just-released OMB memo is a final version of this earlier draft that reflects comments received on the initial document.

At the same time, the Cybersecurity and Infrastructure Security Agency (CISA) released its Cloud Security Technical Reference Architecture to inform agencies of the advantages and inherent risks of adopting cloud-based services as they move closer to zero trust architecture. Concurrent with the reference architecture release, CISA released its Zero-Trust Maturity Model to help agencies implement zero-trust architectures.

OMB’s memo lays out a tight timeline. Within 30 days of the memo’s publication, or by February 26, agencies will have to designate and identify a zero-trust strategy implementation lead for their organization. Within 60 days of OMB’s memo, or by March 26, agencies must build on the EO-mandated plans by incorporating the additional requirements spelled out in the memo into those plans. Finally, agencies must achieve five zero-trust security goals by the end of 2024.

Copyright © 2022 IDG Communications, Inc.
