The emphasis on implementing zero trust architectures throughout federal networks is intended to reinforce the Government’s defenses against increasingly sophisticated and persistent threat campaigns. This focus represents a major step forward in strengthening agencies’ cybersecurity – and provides the opportunity to enhance cybersecurity within those networks through microsegmentation. Application segmentation is a component...

When the White House issued Executive Order 14028, “Improving the Nation's Cybersecurity” in May 2021, it established the framework for the Office of Management and Budget’s January 2022 memorandum directing all agencies to implement a Federal Zero Trust Strategy. The Department of Defense has now released its own Zero Trust Strategy and Roadmap, which spells out its four high-level, integrated strategic goals in achieving ze...

As agencies pursue their zero trust goals in line with Executive Order 14028, “Improving the Nation’s Cybersecurity,” and the Office of Management and Budget’s memorandum setting a Federal Zero Trust Strategy, it is easy to focus on technology solutions. But that overlooks something fundamental about both the challenge and the purpose of moving to zero trust – the human beings that actually will use the redesigned...

Federal agencies are taking seriously the administration’s September 2024 deadline for implementing zero trust throughout government systems. When Executive Order 14028, “Improving the Nation’s Cybersecurity,” was issued in May 2021, it set tight deadlines for agencies to meet zero trust requirements. One year after the EO was released, a survey found that two-thirds of agencies said they would meet the maturity require...

Phishing continues to be one of the most common internet crimes today, but the stakes have risen enormously as our society has become online-driven. More than 80% of these attacks involve credential misuse in the network. With increased remote workers, users need a seamless mobile device experience to be able to do their jobs. Derived credentials allow agencies to utilize existing investments, adopt modern protocols, and apply phishing-resista...

The federal government is well ahead of state and local governments in the implementation of a zero trust architecture because of the White House Executive Order on Cybersecurity last year. But state and local agencies see it in their immediate future - 67 percent of state CIOs who responded to the 2021 Annual State CIO Survey anticipate that introducing or expanding a zero-trust framework will receive more attention in the next two to three y...

In May 2021, President Biden issued Executive Order 14028 on improving government cybersecurity. The order required that all federal agencies develop a plan to implement zero trust architectures for their IT systems, and set aggressive timelines for achieving this goal by 2024. The National Institute of Standards and Technology defines zero trust as “an evolving set of cybersecurity paradigms that move defenses from static, network-based...

In May of 2021, the White House issued the Executive Order on Improving the Nation’s Cybersecurity, mandating that federal agencies begin taking decisive steps to modernize their approach to cybersecurity, with zero trust as the foundation. In that time, federal agencies have been diligently working to meet the Executive Order’s mandates. Last month, the Office of Management and Budget released M-22-16 Administration Cybersecurity...

Cyber threats to federal agencies continue to evolve, requiring equal agility in defending against them. To address the scope of the risk, the White House released Executive Order (EO) 14028 on improving the nation’s cybersecurity in May 2021. It outlined security best practices, including how the federal government must advance toward a zero trust architecture to keep pace with today’s dynamic and increasingly complex cyber threat...

The Office of Management and Budget issued its guidance in January on meeting the requirements for agency networks to implement a zero trust architecture strategy. The purpose of the mandate is to defend against sophisticated penetrations by adversaries, whether nation-states or criminals, and it emphasized that identity management and access controls are key components. Taken together, identity and access controls mean that privileged access...