Chris DeRusha, federal chief information security officer at the Office of Management and Budget (OMB) and a 2021 Wash100 Award recipient, said zero-trust is centered on user verification, device validation and network access limitation and agencies have been shifting to the new framework for identity and credential access management (ICAM), Nextgov reported Thursday.
Speaking at a recently concluded cybersecurity event, DeRusha pointed out that the prior model, which bases a user's trustworthiness on its presence "behind a firewall," is not enough anymore.
“In earnest, in the past few years, agencies are building out really strong foundations around identity and credential access management. We're also moving closer and closer to doing continuous monitoring [and] dynamic management,” he said.
Other current and former government officials present at the event also commented on zero trust, saying it is a plan of action or policy. “Zero trust is not a technology. It's not something you buy. It's a strategy,” said Gregory Touhill, former federal CISO.
The National Institute of Standards and Technology’s (NIST) Special Publication 800-207 is the government's definitive document on the concept of zero trust.
Visit Wash100.com to cast a vote for Chris DeRusha as the most significant executive of consequence to the GovCon sector. Cast your TEN votes TODAY to advocate your favorite leaders in the federal and government sectors. The elite leader with the most votes by April 30 will be recognized by the GovCon community as the industry’s most influential member.