The U.S. government’s Cybersecurity and Infrastructure Security Agency (CISA) and the Office of Management and Budget (OMB) this week announced they are seeking public feedback on draft zero-trust strategic and technical documentation.
The OMB has drafted a federal strategy to transition the U.S. government towards a zero-trust architecture and is now seeking public feedback to improve the documentation and improve the government’s cybersecurity stance.
The draft strategy, which falls in line with the Executive Order on Improving the Nation’s Cybersecurity (EO 14208) that requires for civilian agencies’ enterprise security architecture to be changed based on zero trust principles – clarifies zero trust priorities for these agencies.
[Related Reading: Zero Trust, We Must]
The strategy focuses on consolidating identity systems, implementing multi-factor authentication to combat phishing, encrypting traffic within internal networks, improving application security, and more. With the transition to a zero trust architecture expected to take years, the government is expected to adjust the strategy as new practices and technologies emerge.
Separately, CISA released the Cloud Security Technical Reference Architecture (TRA) and Zero Trust Maturity Model to support EO 14208. The Cloud Security TRA is meant to provide agencies with guidance on the cloud service adoption’s shared risk model, and the building and monitoring of a cloud environment.
Designed to complement OMB’s Zero Trust Strategy, the Zero Trust Maturity Model is expected to help agencies in their journey to zero trust by delivering a roadmap and resources for an optimal zero trust environment.
Public comments and feedback for both the TRA and Zero Trust Maturity Model can be submitted through October 1, 2021, via email.
Related: The VC View: Identity = Zero Trust for Everything
Related: NSA Publishes Guidance on Adoption of Zero Trust Security

More from Ionut Arghire
- KeePass Update Patches Vulnerability Exposing Master Password
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Apple Unveils Upcoming Privacy and Security Features
- Dozens of Malicious Extensions Found in Chrome Web Store
- Microsoft Makes SMB Signing Default Requirement in Windows 11 to Boost Security
- Zyxel Urges Customers to Patch Firewalls Against Exploited Vulnerabilities
- Gigabyte Rolls Out BIOS Updates to Remove Backdoor From Motherboards
Latest News
- KeePass Update Patches Vulnerability Exposing Master Password
- AntChain, Intel Create New Privacy-Preserving Computing Platform for AI Training
- Keep Aware Raises $2.4M to Eliminate Browser Blind Spots
- Google Workspace Gets Passkey Authentication
- Cybersecurity Startup Elba Raises €2.5 Million for Employee-Focused Product
- Zoom Expands Privacy Options for European Customers
- Several Major Organizations Confirm Being Impacted by MOVEit Attack
- Apple Unveils Upcoming Privacy and Security Features
