On the evening of Jan. 20, 2022, President Biden will make his first State of the Union address – a good time to assess the condition of federal IT, particularly with regard to policy prescriptions that agencies must adopt, such as zero trust, to achieve greater cyber resilience. The foundation of the May 2021 Cybersecurity Executive Order is the directive for agencies to implement a zero trust architecture to strengthen their cyber defe...

It is easy to say, “Never trust – always verify.” It is much harder to put that philosophy into practice, even though zero trust is the foundation of the Cybersecurity Executive Order released in May. It is unprecedented for an EO to be so specific in its cybersecurity directives. Despite the EO, there is no single way to approach zero trust implementation. The National Security Agency released some guidance in February about...

The concept of zero trust is the core of the Cybersecurity Executive Order released in May. While its directives and deadlines apply to all federal agencies, it offers a useful model for state, local, territorial and tribal governments and educational systems whose cybersecurity needs are just as great. It is easy to say, “Never trust – always verify.” It is much harder to put into practice. The National Security Agency relea...

As part of its risk mitigation strategy, the Cybersecurity Executive Order issued by the White House in May moves Zero Trust architecture to the center of cyber hygiene policy for the federal government. Zero Trust can be summarized easily: Trust nothing, suspect everything, authenticate 100%. The Executive Order includes directives to CISA and GSA to develop a cloud security strategy and provide guidance to agencies for implementation.Address...

As part of its risk mitigation strategy, the Cybersecurity Executive Order issued by the White House in May moves Zero Trust architecture to the center of cyber hygiene policy for the federal government. Zero Trust can be summarized easily: Trust nothing, suspect everything, authenticate 100%. The Cybersecurity and Infrastructure Security Agency views this as setting an example for state and local governments looking to strengthen their securi...

The animating concept at the heart of the Cybersecurity Executive Order issued in May is Zero Trust – to structure cybersecurity around the premise that every person, every device, whether inside or outside its’ systems, is not to be trusted and must be verified before being granted access. Setting this as core to modernization is reflected in the awards just made by the Technology Modernization Fund. Three of the six public awards...

The recent cybersecurity Executive Order emphasizes the need for more structure and to start moving toward a Zero Trust architecture. This architecture is a broad strategy that follows the mantra, "Never trust, always verify," and assumes untrusted actors already exist both inside and outside agency networks. By moving federal agencies toward Zero Trust, their resources can stay protected through an architecture that adapts to the complexity o...

The White House Executive Order issued in May directs federal agencies to, through bold changes and significant investments, apply zero trust practices to strengthen cybersecurity across government and the private sector. The EO sets objectives and timeframes but does not guide the strategies to achieve those outcomes. Unlike many EOs, however, the administration is allocating funding to help agencies undertake the work – from the edge a...

For more than a year, cybersecurity professionals in the government have been wrestling with a vastly more complicated threat landscape. Millions of employees suddenly working from home, often using their own devices, brought the full impact of “computing at the edge” to light. Meanwhile, high-profile cyber attacks, from the Solar Winds breach to ransomware threatening public safety and national security, have demonstrated the need...

For more than a year, cybersecurity professionals in the government have been wrestling with a vastly more complicated threat landscape. Millions of employees suddenly working from home, often using their own devices, brought the full impact of “computing at the edge” to light. Meanwhile, high-profile cyber attacks, from the Solar Winds breach to ransomware threatening public safety and national security, have demonstrated the need...