As President Biden’s cybersecurity executive order (EO) stretches past its first year, Federal agencies are at varied points in their progress on the EO’s orders. Federal leaders say it is important for agencies to approach the EO’s zero trust components strategically and understand their networks as they make the move to a zero trust architecture. […]
Implementing an effective zero trust architecture within an agency’s security framework has become pivotal to achieving cyber resiliency within the Federal government. But to be successful in the implementation of a zero trust architecture there are several elements agencies must keep in mind, according to several cyber experts. […]
Nearly two-thirds – 63 percent – of Federal mission and IT officials surveyed earlier this year believe their agencies are on track to meet the Office of Management and Budget’s zero trust security targets by the end of Fiscal Year 2024, according to new research published today by General Dynamics Information Technology (GDIT). […]
The National Institute of Standards and Technology (NIST) released a zero trust planning guide May 6 for Federal administrators that provides an overview of how the NIST Risk Management Framework (RMF) can be used to develop and implement a zero trust architecture (ZTA). […]
As President Biden’s landmark cybersecurity executive order (EO) approaches its first anniversary on May 12, new research shows that most Federal cybersecurity decision-makers solidly back the aims of the EO, but also think that its initial timelines to implement zero trust security are unrealistic. […]
The Federal government is making a big push toward zero trust security architectures, but with an abundance of guidance on what makes a zero trust architecture successful, the looming question for many Federal agencies is ‘where do we start?’ Randy Resnick, senior advisor for the Zero Trust Portfolio Management Office at the Department of Defense (DoD), believes the first step is planning. […]
As Federal agencies look to bring a zero trust security architecture to their disparate agencies and missions, resources are the main obstacle for agencies, the chief information security officer (CISO) for the Department of Homeland Security’s Information and Analysis (DHS I&A) division said today. […]
As agencies strive to meet changing zero trust security requirements, an official from the Cybersecurity and Infrastructure Security Agency (CISA) said that he’s seeing an increased sense of urgency to implement those requirements to collectively move “the Federal fleet forward.” […]
The General Services Administration (GSA) is working on a series of playbooks for Federal agencies to use as they proceed with implementing plans to migrate toward zero trust security architectures, and expects to begin releasing those within a couple of months, a senior GSA technology official said today. […]
A Defense Information Systems Agency (DISA) official said today that the next focus area for work on the agency’s Thunderdome zero trust prototype project is user convenience. […]
The Department of Education was one of three agencies to receive funding from the General Service Administration’s (GSA) Technology Modernization Fund (TMF) for Zero Trust services, and the agency’s chief information officer Steven Hernandez said the agency is prioritizing the control pillar of the zero trust architecture with the funds. […]
The modernization of identity, credential, and access management (ICAM) has long been critical to improving Federal agency cybersecurity, and is only becoming more urgent due to President Biden’s cybersecurity executive order (EO) and associated policy directives requiring agencies to move to zero trust security architectures, government officials said on April 19 at a virtual event organized by FedInsider. […]
When implementing zero trust security architectures, an official from the Department of Health and Human Services (HHS) said today that the real change is not a technology change, but instead a “cultural change” within the organization. […]
The long road to implementing zero trust security architectures may be driven by top-down policy directives and prioritizing technology pillars, but the art and science of communication and collaboration are showing up as vital inputs into organizing Federal agency technologists and network users to move toward the government’s zero trust goals. […]
The United States Special Operations Command (SOCOM) is hosting a Security at the Edge Cyber Challenge, with the multiple-phase challenge seeking to identify technologies that are capable of providing security-at-the-edge capabilities, according to a special notice posted on SAM.gov. […]
Federal agencies are continuing to work towards implementing zero trust security architectures, but which of the Office of Management and Budget’s (OMB) security pillars will take precedence in zero trust development? […]
Following mandates, Federal law enforcement agencies have begun taking steps to adopt a zero trust architecture. However, according to some IT officials from these agencies, challenges continue to arise as they continue to implement their zero trust architecture model. […]
Today every Federal agency is working to implement zero trust. Each will begin in a unique place that is dictated by its current cybersecurity posture, cybersecurity investments, and agency missions. Still, many questions must be answered as agencies plot their zero-trust journey. Which pillar in the Zero Trust Maturity Model is most urgent? Which data is more vulnerable to attacks? How do you find and classify the most sensitive information? […]
While the zero trust security model has been widely recognized as an effective approach to preventing and mitigating data breaches, an official with the Cybersecurity and Infrastructure Security Agency (CISA) said this week there are several misconceptions Federal agencies have which make them skeptical about adopting the framework. […]
The Biden administration is asking for $300 million of additional money for the Technology Modernization Fund (TMF) in Fiscal Year 2023 – an amount that would backfill most of the $320 million that the fund has awarded to Federal agencies since it received its $1 billion infusion in the American Rescue Plan Act last year. […]
Federal agencies are emerging from a tough season of security vulnerabilities – SolarWinds and Log4j among them – knowing that bad actors are changing their game plans. At the same time, agencies are improving their cyber playbooks with zero trust guidance from the White House, the Office of Management and Budget (OMB), the Cybersecurity and Infrastructure Security Agency (CISA), and others. […]
Prompted by the White House executive order on cybersecurity, Federal agencies are accelerating their adoption of zero trust architectures. And according to Gerald Caron, chief information officer (CIO) and assistant inspector general (IG) for information technology at the Department of Health and Human Services (HHS), these models must include automation. […]
Federal chief information security officers (CISOs) today recommended that as Federal agencies implement zero trust security architectures they also put in place continuous training programs for their workforce to keep employees up to date on the technology and best practices. […]
The Cybersecurity and Infrastructure Security Agency (CISA) has released a draft version of its Applying Zero Trust Principles to Enterprise Mobility for public comment. […]
The Federal government has recently taken new steps towards creating a zero trust security environment, building on last May’s Executive Order on Improving the Nation’s Cybersecurity (EO) aimed at advancing the standards by which we protect our federal information system. […]
Security, in the past, was built on fixed physical networks that allowed access to trusted individuals and kept untrusted individuals out. But, as Federal agencies transform their digital environments and increase remote work security measures had to evolve, making zero trust architectures the new norm and identity the new perimeter. […]
The National Security Agency (NSA) has released a cybersecurity technical report for its Network Infrastructure Security Guidance that features network infrastructure best practices, according to a March 1 release from the agency. […]
The National Security Telecommunications Advisory Committee (NSTAC) – a group of private sector experts that advises the White House on telecommunications issues that affect national security and emergency preparedness – is advising the Cybersecurity and Infrastructure Security Agency (CISA) to establish a dedicated Zero Trust Program Office. […]
The CIO Council is currently leading an effort, along with a multi-agency working group, to develop a new Zero Trust Playbook for agencies, according to Thomas Santucci, the director of the General Services Administration Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO). […]
A Defense Information Systems Agency (DISA) official explained today how the agency is approaching work on its Thunderdome zero trust prototype project, along with associated identity, credential, and access management (ICAM) efforts, and said DISA expects to have further updates on those over the next several months. […]