"White House Publishes Federal Zero Trust Strategy"

On Wednesday, the White House released its federal zero trust strategy, requiring agencies to meet certain cybersecurity standards and objectives by the end of fiscal year 2024.  The strategy builds upon the executive order signed by President Joe Biden in May 2021 to improve the United States’ cyber defenses.  When a zero trust model is implemented, no user, system, network, or service operating inside or outside the security perimeter is trusted, and every access attempt is verified.  The latest memorandum from the Office of Management and Budget (OMB) requires agencies to achieve certain goals by the end of 2024.  These goals focus on identity, devices, networks, applications and workloads, and data.   These are the five pillars described by the zero trust model of the DHS’s Cybersecurity and Infrastructure Security Agency (CISA).  Specifically, agency staff will be required to use enterprise-managed identities to access work applications and use phishing-resistant multi-factor authentication (MFA).  Agencies will need to have a complete inventory of devices and visibility into those devices for incident prevention, detection, and response.  Government organizations will need to encrypt traffic on their networks and implement network segmentation.  As for applications, they will need to be routinely tested, and agencies are advised to welcome external vulnerability reports.  Access to sensitive data will need to be monitored, and enterprise-wide logging and information sharing systems will need to be implemented.  While agencies have until the end of 2024 to achieve these goals, they are required to update their plans for implementing a zero trust architecture within 60 days and designate someone to lead zero trust implementation in their organization within 30 days.

SecurityWeek reports: "White House Publishes Federal Zero Trust Strategy"