The Office of Management and Budget has issued a draft federal strategy to help U.S. government agencies implement zero trust principles in their enterprise security architecture in accordance with President Joe Biden’s cybersecurity executive order.
OMB said Tuesday the draft Federal Zero Trust Strategy establishes baseline technical and policy requirements and covers key areas, including countering phishing through multifactor authentication, strengthening application security, encrypting traffic and treating internal networks as untrusted and consolidating identity systems.
“While we feel the urgency to begin implementing this plan, we know that input from the broader community of experts will help ensure it is the right plan. We welcome feedback on how we can refine this strategy to best advance federal cybersecurity,” DeRusha added.
OMB said the draft strategy envisions a federal zero trust architecture that backs intelligent automation of security actions, strengthens identity practices across agencies, relies on application testing and encryption and enables use of cloud services.
Public comments on the draft strategy are due Sept. 21.
The Cybersecurity and Infrastructure Security Agency also unveiled the Zero Trust Maturity Model and Cloud Security Technical Reference Architecture. CISA’s maturity model complements OMB’s draft strategy and seeks to help agencies develop zero trust architectures, while the Cloud Security TRA intends to guide agencies how to build and monitor a cloud environment.
CISA will accept comments on the Zero Trust Maturity Model and Cloud Security TRA through Oct. 1.
ExecutiveBiz, sister site of GovCon Wire and part of the Executive Mosaic digital media umbrella, will host a virtual event about securing the supply chain on Oct. 26. Visit ExecutiveBiz.com to sign up for the “Supply Chain Cybersecurity: Revelations and Innovations” event.