The CIO Council is currently leading an effort, along with a multi-agency working group, to develop a new Zero Trust Playbook for agencies, according to Thomas Santucci, the director of the General Services Administration Data Center and Cloud Optimization Initiative Program Management Office (DCCOI PMO).
At an FCW event today, Santucci said his office is supporting the development of the new playbook, which will provide agencies with “technically and organizationally oriented plays that describe how to adopt [the] zero trust model and how to create an integrated zero trust architecture, leveraging existing capabilities.”
While Santucci did not offer a specific date of when this playbook would be published, he said the CIO Council is “hot and heavy working on it right now,” and has about eight to 10 agencies that are supporting the effort.
“It focuses on how to implement zero trust, rather than why they should be implemented,” Santucci said of the playbook. “Given the many resources produced by the Federal government to help agencies move to zero trust, the zero trust architecture playbook also serves as a central resource for any information provided to the government.”
One play that the playbook offers is centered around data discovery, according to Santucci.
The play instructs agencies to manually gather data and organize it within their business unit or system “that relates the data to your critical infrastructure systems,” he said. Next, agencies should leverage automated tools to collect interactive and “digestible” data.
Finally, Santucci said agencies can use data visualization navigation “to generate data visualization and charts that simplify the interpretation of complex quantitative information.”
Santucci said those that are supporting the playbook effort are “the best and brightest the government has to offer,” including Steven Hernandez, the chief information security officer at the Department of Education.