The Office of Management and Budget has introduced a strategy to advance the adoption of zero trust architecture within the federal government in accordance with a May 2021 executive order on cybersecurity.
The federal zero trust strategy calls for agencies to shift from perimeter-based defenses to an approach that will enable them to quickly identify, isolate and respond to cyber vulnerabilities, the White House said Wednesday.
The strategy comes with specific security goals that agencies should meet by the end of fiscal year 2024. These strategic goals are aligned with the Cybersecurity and Infrastructure Security Agency’s zero trust maturity model consists of five pillars: identity; devices; networks; applications and workloads; and data.
For the identity aspect, agency personnel should use enterprise-managed identities to gain access to applications they use in work and implement phishing-resistant multifactor authentication to protect against sophisticated cyberattacks.
“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public,” said Federal Chief Information Officer Clare Martorana, a 2022 Wash100 Award winner.
“Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public,” added Martorana.
In September, OMB issued an initial draft of the strategy to solicit feedback from cybersecurity professionals and other interested stakeholders.