The Office of Management and Budget issued its guidance in January on meeting the requirements for agency networks to implement a zero trust architecture strategy. The purpose of the mandate is to defend against sophisticated penetrations by adversaries, whether nation-states or criminals, and it emphasized that identity management and access controls are key components. Taken together, identity and access controls mean that privileged access...

The federal government places a lot of emphasis on basic cyber hygiene practices that employees should use, such as using unique passwords for every application and changing them regularly, guarding against clicking on suspect links buried in emails, and backing up data frequently. The Cybersecurity and Infrastructure Security Agency (CISA) offers a wide range of cyber hygiene services to help agencies improve their cybersecurity postures thro...

The U.S. military understands the importance of strategy, and planning out the logistics of supporting that strategy. Once the big objective is determined, leaders determine the strategy that will achieve it, then work upstream, identifying the materials and manpower required, the order of events, bottlenecks to be addressed, and so on.This approach should apply to the entire federal government’s efforts to implement zero trust. The obje...

When the pandemic drove millions of government employees out of their offices and into remote work two years ago, the need to overhaul legacy identity and access management (IAM) processes became apparent. President Biden’s Executive Order and National Security Memorandum on cybersecurity pushed this further by embedding Zero Trust architecture at their core, and January’s memorandum from the Office of Management and Budget (M-22-0...

Ever since the White House issued its Cybersecurity Executive Order in May 2021, a lot of attention has been paid to the concept of zero trust embedded as its core objective. But the reason to get to zero trust is to protect the data – after all, what do system intruders want? To read, or alter, or copy the data, which they can then use for their own purposes, from monetizing intellectual property to stealing someone’s identity to...

On January 19, 2022, the White House issued National Security Memorandum 8 (NSM) to improve the cybersecurity of National Security, Department of Defense, and Intelligence Community Systems. The memorandum requires National Security Systems to employ network cybersecurity measures equal to or greater than those required of federal civilian networks in Executive Order 14028, issued in May 2021. The NSM builds on several parts of the EO, includi...

The Cybersecurity Executive Order released in May 2021 uses the word “data” more than two dozen times, referring to both data generated by the mandated cybersecurity measures and the government’s data more broadly. This increases the requirements for agencies to identify, classify, manage, and protect all their data, with particular emphasis on sensitive data. This webinar will feature thought leaders from government and indu...

On the evening of Jan. 20, 2022, President Biden will make his first State of the Union address – a good time to assess the condition of federal IT, particularly with regard to policy prescriptions that agencies must adopt, such as zero trust, to achieve greater cyber resilience. The foundation of the May 2021 Cybersecurity Executive Order is the directive for agencies to implement a zero trust architecture to strengthen their cyber defe...

It is easy to say, “Never trust – always verify.” It is much harder to put that philosophy into practice, even though zero trust is the foundation of the Cybersecurity Executive Order released in May. It is unprecedented for an EO to be so specific in its cybersecurity directives. Despite the EO, there is no single way to approach zero trust implementation. The National Security Agency released some guidance in February about...

The concept of zero trust is the core of the Cybersecurity Executive Order released in May. While its directives and deadlines apply to all federal agencies, it offers a useful model for state, local, territorial and tribal governments and educational systems whose cybersecurity needs are just as great. It is easy to say, “Never trust – always verify.” It is much harder to put into practice. The National Security Agency relea...