The Government Accountability Office (GAO) has sized up the U.S. Secret Service’s work thus far on migrating to a zero trust security footing, and found that the Department of Homeland Security (DHS) component still has plenty of work to do on that effort.
GAO’s Nov. 15 report talks about plenty of positive steps that the Secret Service has taken on zero trust, in addition to steps that the agency should take to get in line with the latest Federal government mandates on zero trust that spring from President Biden’s cybersecurity executive order issued last year.
“The Secret Service completed a self-assessment, and made progress in implementing cloud services and achieving maturity in event logging,” GAO said. “In addition, the agency had a plan to implement a more advanced internet protocol, but had not met longstanding Office of Management and Budget (OMB) requirements for public-facing systems.”
The report explains that the Secret Service “developed its implementation plan before OMB issued” its own detailed guidance to Federal agencies as a follow-up to the executive order, and because of that the Secret Service missed some of the key criteria from that guidance.
“Secret Service has not updated its implementation plan to reflect these additional efforts,” GAO said. “Doing so would provide agency management with a comprehensive and unified view of disparate activities associated with the zero trust architecture transition process.”
The report offers two main recommendations when it comes to satisfying some of the OMB criteria for zero trust, including the following:
- Transition to a more advanced internet protocol for public-facing systems; and
- Update the agency’s zero trust architecture implementation plan.
DHS agreed with both of those recommendations.