U.S. Office of Management and Budget Introduces New Zero Trust Architecture Strategy

As part of a presidential response to reinforce federal defenses against threats to public safety, infrastructure and privacy, a new zero trust architecture (ZTA) strategy is being implemented that requires agencies to meet specific cybersecurity standards and objectives by the end of 2024. A ZTA model prescribes that nothing outside or within the security perimeter is trusted and that everything attempting to gain access must be verified.

Key Ambitions:

  • Enterprise-managed accounts for federal staff
  • Devices consistently tracked and monitored for federal staff
  • Isolated and encrypted agency systems and traffic, application-based instead of network-based
  • System application security resilience testing
  • Converged security and data teams working together to develop enforcement against unauthorized access

Implementing this executive order, as well as the other aggressive efforts detailed in the full report, will require extensive partnerships with private industry, such as members of the Security Industry Association (SIA).

For further reading on President Biden’s cybersecurity executive order, see this May 2021 blog post from Chuck Davis, founder of Caveat Labs and a member of the SIA Cybersecurity Advisory Board.