For Federal agencies, a zero-trust model means not only knowing who might be on their networks accessing data and information, but making sure a user has an authorized reason to access that information.
For agencies like the Department of Education and Department of Homeland Security’s (DHS) Federal Emergency Management Agency (FEMA) it’s essential to protect citizen data.
Speaking on a FedInsider webinar, Acting CISO for FEMA Craig Wilson said that when FEMA collects survivor’s data in national disasters, it has to be well-protected and that means knowing “beyond a shadow of a doubt” who’s coming into the network.
In attaining zero trust, Wilson says the biggest thing is to make sure that an agency is able to have due process for access management for people coming into the network and for FEMA, specifically, to be able to respond on any day – whether there is a disaster or not – and still protect the data it collects.
CISO for the Department of Education Steven Hernandez spoke to the benefits of continuous diagnostics management (CDM) in zero-trust models.
“Most agencies are looking at CDM data as a vital part of the zero-trust model,” he said. “The key is getting all the data in one place.” Hernandez added that CDM is one of the richest sources for trying to connect systems and how vulnerable they are and securing devices is important in zero trust.
As far as workforce goes, Hernandez said zero trust is “a wonderful opportunity for folks to get involved” and that it will increase the work needing to be done for Federal cybersecurity experts.