The Federal Chief Information Security Officer, or CISO, Council and the Federal Chief Data Officers, or CDO, Council have issued a document to guide federal agencies as they operationalize data security using a zero trust framework.
“This guide represents insights from agency practitioners who are in the trenches working to implement zero trust and secure their organization’s data,” Kirsten Dalboe, chair of the CDO Council, said in a statement published Thursday.
“We’re building a cooperative relationship between data and cyber to tackle this government-wide challenge and ultimately ensure the public’s data is secured,” added Dalboe, who also serves as CDO for the Federal Energy Regulatory Commission.
More than 30 federal departments and agencies helped create the Federal Zero Trust Data Security Guide.
A working group of security and data experts developed the 42-page document in accordance with an Office of Management and Budget memorandum that seeks to advance the adoption of zero trust cybersecurity principles within the U.S. government.
About the Guide
The document addresses the zero trust data security into three chapters: define the data, secure the data and manage the data.
The second chapter, for instance, discusses the implementation of security monitoring and controls for data and integration of risk management and identity, credential and access management to ensure data security.
The guide also outlines several zero trust data security principles, including adopting a data-centric view, promoting data resiliency and integrity and implementing standardized least privilege and access control.