Jun 08 2023

On Their Journey to Zero Trust, Federal Agencies Are Stepping Up in Several Ways.

Federal agencies are stepping up to zero trust implementation challenges in several ways.

Federal IT and cybersecurity leaders have a little more than a year to meet specific goals laid out in a 2021 executive order that established a zero-trust strategy for the federal government. The plan they need to follow is even clearer now, thanks to an updated roadmap released by the Cybersecurity and Infrastructure Security Agency in April 2023.

But that doesn’t mean the journey to zero trust is any easier. Changing infrastructures and systems to fully align with zero trust principles can be a challenging endeavor for agencies, especially in today’s rapidly evolving technology landscape.

It’s clear that agencies are stepping up to those challenges by adopting new systems and processes in order to escalate their IT modernization efforts and implement zero trust security principles.

Click the banner below to get Insider access to exclusive security articles.

How Agencies Are Rising to the Zero Trust Challenge

Several agencies, for example, have shifted to a development, security and operations approach in order to integrate security as a shared responsibility throughout the IT development lifecycle. (“Agencies Finally Have the Resources to Scale DevSecOps”).

At the Department of Energy, DevSecOps has allowed the department’s development teams to more quickly navigate the Authority to Operate security authorization process. The VA’s implementation of DevSecOps is not only an IT strategy but also a way to give veterans access to the services they’ve earned while also giving them confidence that the agency is protecting their personal information.

Multifactor authentication is another key component of the push toward zero-trust architecture, but with contractors accounting for up to 40 percent of the federal workforce, agencies need a more diverse set of authentication technologies beyond the Personal Identify Verification card that helps keep full-time staff secure.

Our feature “Agencies Onboarding Contractors Need More Diverse Authentication Technologies” highlights some of these Identity, Credential and Access Management (ICAM) technologies, including Fast Identity Online (FIDO2), a set of open, standardized authentication protocols that the USDA is using as they move toward full implementation of the zero-trust authentication requirements.

As new and increasingly more sophisticated cyberthreats continue to emerge, government IT professionals will undoubtedly face new challenges as they work to fully implement a zero trust architecture. But I have no doubt that when they do, they’ll find new and improved solutions in order to continue to serve and protect citizens securely and efficiently.

pixdeluxe/Getty Images

Learn from Your Peers

What can you glean about security from other IT pros? Check out new CDW research and insight from our experts.