The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
The OMB has drafted a federal strategy to transition the U.S. government towards a zero-trust architecture and is now seeking public feedback to improve the documentation and improve the government’s cybersecurity stance.
The draft strategy, which falls in line with the Executive Order on Improving the Nation’s Cybersecurity (EO 14208) that requires for civilian agencies’ enterprise security architecture to be changed based on zero trust principles – clarifies zero trust priorities for these agencies.
[Related Reading: Zero Trust, We Must]
The strategy focuses on consolidating identity systems, implementing multi-factor authentication to combat phishing, encrypting traffic within internal networks, improving application security, and more. With the transition to a zero trust architecture expected to take years, the government is expected to adjust the strategy as new practices and technologies emerge.
Separately, CISA released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model to support EO 14208. The Cloud Security TRA is meant to provide agencies with guidance on the cloud service adoption’s shared risk model, and the building and monitoring of a cloud environment.
Designed to complement OMB’s Zero Trust Strategy, the Zero Trust Maturity Model is expected to help agencies in their journey to zero trust by delivering a roadmap and resources for an optimal zero trust environment.
Public comments and feedback for both the TRA and Zero Trust Maturity Model can be submitted through October 1, 2021, via email.
Related: The VC View: Identity = Zero Trust for Everything
Related: NSA Publishes Guidance on Adoption of Zero Trust Security
