"GAO Checks Secret Service's Progress on Zero-Trust Architecture"

According to the Government Accountability Office (GAO), the US Secret Service's zero-trust cybersecurity implementation plan needs to be updated. The government watchdog did, however, acknowledge the Secret Service's progress in this area. A zero-trust architecture is a set of cybersecurity principles that states that organizations must validate all attempts to access their systems and services. The zero-trust principle is based on the idea that no actor operating outside or inside an organization's network should be trusted. This architecture integrates comprehensive security monitoring, granular risk-based access controls, and system security automation into all aspects of the infrastructure. The federal government has begun to explore the use of zero-trust architecture. Since 2020, the National Institute of Standards and Technology (NIST) and the Office of Management and Budget (OMB) have provided federal agencies with direction and guidance on the use of such architecture. Furthermore, the Cybersecurity and Infrastructure Security Agency (CISA) issued a draft roadmap for the transition to zero-trust architecture in 2021, and the 2022 National Defense Authorization Act (NDAA) directed the Department of Defense (DOD) to develop a zero-trust strategy and model architecture. The US Secret Service has created an implementation plan for four zero-trust architecture-related milestones. The milestones are to self-assess the agency's Information Technology (IT) environment against federal guidance, implement cloud service offerings from a vendor, achieve event logging maturity, and transition the agency's IT infrastructure to a more advanced Internet protocol. GAO discovered that the Secret Service completed a self-assessment and made progress in implementing cloud services and achieving event logging maturity. Furthermore, the agency had planned to implement a more advanced Internet protocol, but had not met the long-standing OMB requirements for public-facing systems. GAO claims that by switching to this protocol, the agency will be able to take advantage of additional security features. This article continues to discuss the US Secret Service's progress toward zero-trust architecture and areas in need of improvement.

HSToday reports "GAO Checks Secret Service's Progress on Zero-Trust Architecture"