The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
The OMB has drafted a federal strategy to transition the U.S. government towards a zero-trust architecture and is now seeking public feedback to improve the documentation and the government’s cybersecurity stance.
The draft strategy clarifies zero trust priorities for civilian agencies. It falls in line with the Executive Order on Improving the Nation’s Cybersecurity (EO 14208), which requires these agencies’ enterprise security architecture to be changed based on zero trust principles.
The strategy focuses on consolidating identity systems, implementing multi-factor authentication to combat phishing, encrypting traffic within internal networks, improving application security, and more. With the transition to a zero trust architecture expected to take years, the government is expected to adjust the strategy as new practices and technologies emerge.
Separately, CISA released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model to support EO 14208. The Cloud Security TRA is meant to provide agencies with guidance on the shared risk model for cloud service adoption, and on building and monitoring a cloud environment.
Designed to complement OMB’s Zero Trust Strategy, the Zero Trust Maturity Model is expected to help agencies in their journey to zero trust by delivering a roadmap and resources for an optimal zero trust environment.
Public comments and feedback for both the TRA and Zero Trust Maturity Model can be submitted through October 1, 2021, via email.
