Hello, Guest!

OMB Unveils Draft Federal Zero Trust Strategy; Chris DeRusha Quoted

The Office of Management and Budget has issued a draft federal strategy to help U.S. government agencies implement zero trust principles in their enterprise security architecture in accordance with President Joe Biden’s cybersecurity executive order.

OMB said Tuesday the draft Federal Zero Trust Strategy establishes baseline technical and policy requirements and covers key areas, including countering phishing through multifactor authentication, strengthening application security, encrypting traffic and treating internal networks as untrusted and consolidating identity systems.

Chris DeRusha, federal chief information security officer and a 2021 Wash100 Award winner, said the draft strategy seeks to help agencies put zero trust principles into practice.

“While we feel the urgency to begin implementing this plan, we know that input from the broader community of experts will help ensure it is the right plan. We welcome feedback on how we can refine this strategy to best advance federal cybersecurity,” DeRusha added.

OMB said the draft strategy envisions a federal zero trust architecture that backs intelligent automation of security actions, strengthens identity practices across agencies, relies on application testing and encryption and enables use of cloud services.

Public comments on the draft strategy are due Sept. 21.

The Cybersecurity and Infrastructure Security Agency also unveiled the Zero Trust Maturity Model and Cloud Security Technical Reference Architecture. CISA’s maturity model complements OMB’s draft strategy and seeks to help agencies develop zero trust architectures, while the Cloud Security TRA intends to guide agencies how to build and monitor a cloud environment.

CISA will accept comments on the Zero Trust Maturity Model and Cloud Security TRA through Oct. 1.

Supply Chain Cybersecurity: Revelations and Innovations

ExecutiveBiz, sister site of GovCon Wire and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

Video of the Day

GovCon Wire Logo

Sign Up Now! GovCon Wire provides you with Daily Updates and News Briefings about Cybersecurity

Related Articles