Hello, Guest!
  • Wednesday, April 24, 2024

OMB Unveils Draft Federal Zero Trust Strategy; Chris DeRusha Quoted

The Office of Management and Budget has issued a draft federal strategy to help U.S. government agencies implement zero trust principles in their enterprise security architecture in accordance with President Joe Biden’s cybersecurity executive order.

OMB said Tuesday the draft Federal Zero Trust Strategy establishes baseline technical and policy requirements and covers key areas, including countering phishing through multifactor authentication, strengthening application security, encrypting traffic and treating internal networks as untrusted and consolidating identity systems.

Chris DeRusha, federal chief information security officer and a 2021 Wash100 Award winner, said the draft strategy seeks to help agencies put zero trust principles into practice.

“While we feel the urgency to begin implementing this plan, we know that input from the broader community of experts will help ensure it is the right plan. We welcome feedback on how we can refine this strategy to best advance federal cybersecurity,” DeRusha added.

OMB said the draft strategy envisions a federal zero trust architecture that backs intelligent automation of security actions, strengthens identity practices across agencies, relies on application testing and encryption and enables use of cloud services.

Public comments on the draft strategy are due Sept. 21.

The Cybersecurity and Infrastructure Security Agency also unveiled the Zero Trust Maturity Model and Cloud Security Technical Reference Architecture. CISA’s maturity model complements OMB’s draft strategy and seeks to help agencies develop zero trust architectures, while the Cloud Security TRA intends to guide agencies how to build and monitor a cloud environment.

CISA will accept comments on the Zero Trust Maturity Model and Cloud Security TRA through Oct. 1.

Supply Chain Cybersecurity: Revelations and Innovations

ExecutiveBiz, sister site of GovCon Wire and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.

Video of the Day

Related Articles

Thales TCT’s Gina Scinta: Agencies Should Adopt Strong MFA, Crypto-Agile Tech to Protect Data Cybersecurity

Thales TCT’s Gina Scinta: Agencies Should Adopt Strong MFA, Crypto-Agile Tech to Protect Data

Gina Scinta, deputy chief technology officer at Thales Trusted Cyber Technologies, said government agencies should implement proper access controls to better safeguard data from cyberthreat actors, including the use of multifactor authentication and crypto-agile platforms. Scinta wrote that agencies should adopt multifactor authentication that depends on “some type of hardware- or software-based token for granting

Sue Gordon, John Richardson, Michael Rogers Push for Post-Quantum Cryptography Cybersecurity

Sue Gordon, John Richardson, Michael Rogers Push for Post-Quantum Cryptography

Sue Gordon, former principal deputy director of national intelligence, wrote a joint commentary with U.S. Navy veterans John Richardson and Michael Rogers urging organizations to start their efforts to migrate cybersecurity procedures to post-quantum cryptography. They warned that the “store now, decrypt later” technique could allow hackers to steal sensitive information from U.S. entities due

MongoDB’s Jennifer Hayes: Database-as-a-Service Platforms Could Help Agencies Facilitate App Modernization News

MongoDB’s Jennifer Hayes: Database-as-a-Service Platforms Could Help Agencies Facilitate App Modernization

Jennifer Hayes, sales director at MongoDB, said government agencies looking to update legacy applications in a secure and fully managed environment in support of their missions should consider adopting database-as-a-service platforms. Hayes discussed how cloud database services like Atlas for Government could help federal, local and state government agencies facilitate application development while integrating security