The Cybersecurity and Infrastructure Security Agency (CISA) is moving to consolidate disparate zero trust security policy functions into a new single office at the agency.
The unified structure will be named CISA’s Zero Trust Initiative, and will give the agency a single, coordinated vision in its efforts to help Federal agencies migrate to zero trust security architectures, and to promote the adoption of zero trust more generally beyond the government realm.
The unified zero trust office will focus on a range of goals going forward. Those include:
- Expanding zero trust training opportunities;
- Issuing further zero trust guidance and playbooks that build on existing efforts including CISA’s Zero Trust Maturity Model (ZTMM) and its Trusted Internet Connections (TIC) 3.0 guidance;
- Undertaking additional community building and collaboration through working groups and partnerships with Federal agencies and the greater IT community; and
- Working on ways that organizations can assess their progress in implementing zero trust security architectures.
The unified zero trust office is expected to include Sean Connelly, who has been a prime mover for CISA on zero trust policy. His current titles at CISA include Senior Cybersecurity Architect and program manager of the agency’s TIC initiative.
Connelly took a deep dive into CISA’s zero trust security efforts in an interview with MeriTalk last December.
The CISA official also last year previewed the concept of creating a single zero trust office within the agency. “We are looking at how to transition the TIC program office towards being some type of zero trust program office,” Connelly said in March 2023 at the Zscaler Public Sector Summit in Washington.
The concept of a unified office, he said last year, “goes back to the NSTAC report that came out last year” that suggested CISA “look at setting up some type of zero trust office,” Connelly said. “So we are still working with OMB [Office of Management and Budget] and other stakeholders and how to stand that up.”
Connelly said that move would “ideally” be part of another ongoing effort to set up zero trust training cohorts for Federal agency officials.