CISA, Other Agencies Aid Zero-Trust Transition
CISA and other agencies are working together to help the entire government shift to zero trust, which focuses less on perimeter network security and more on data security and granular access control and permissions. Zero trust treats everything inside the agency network as just as untrusted as everything outside it.
In recent weeks, CISA has developed a zero-trust maturity model to help agencies determine their progress across five pillars: identity, device, network, application workload and data. A CISA representative tells FCW there is “nothing to share publicly at this time” on the zero-trust maturity model document.
Over time, Hartman said, agencies will automate security across those pillars via continuous validation and real-time machine learning analytics. “As agencies will transition toward optimal zero trust implementations, their solutions will become more automated, they’ll fully integrate across pillars, and they’ll become more dynamic in their policy enforcement decisions,” he said.
The White House had started working with CISA and other relevant agencies ahead of the May 12 order to develop new guidelines on cybersecurity, according to FCW. Hartman said at the ACT-IAC panel that the interagency collaboration is essential to helping agencies make progress on cybersecurity, especially for those that had not put zero trust on their radars.
National Security Council Director for Cyber Incident Response Iranga Kahangama said the order is an overarching document that clearly spells out the White House’s desire to see agencies adopt zero trust and other cybersecurity enhancements.
“I think we realized with the federal government and its complexity, it’s going to take a winding path for each agency,” he said, according to FCW. “But what we wanted to do was really send a signal to the whole bulk of government and to industry that this is where we’re going.”
Deputy Federal CIO Maria Roat has also said that the administration’s continued push to get agencies to switch to IPv6 will aid the move to zero trust.
“By providing end-to-end network paths and better support of microsegmentation, the transition to IPv6-only is going to be a key component of zero-trust architecture — which is one of the key pillars of the executive order,” Roat said during the IPv6 Summit hosted by the General Services Administration in mid-June, according to FedScoop.