The National Security Telecommunications Advisory Committee (NSTAC) – a group of private sector experts that advises the White House on telecommunications issues that affect national security and emergency preparedness – is advising the Cybersecurity and Infrastructure Security Agency (CISA) to establish a dedicated Zero Trust Program Office.
In a new report, NSTAC said the office would be for Federal civilian agencies “to host implementation guidance, reference architectures, capability catalogs, training modules, and generally serve as a civilian government knowledge management center of excellence for zero trust.”
NSTAC advised the office should also coordinate and share best practices with the newly established Department of Defense Zero Trust Program Office.
The committee offered several other recommendations for the Federal government’s zero trust transition, including the establishment of a working group to develop zero trust maturity models for key Federal enterprise infrastructure services.
NSTAC also recommended the Federal chief information security officer and national cyber director work together to establish or enhance reporting requirements for zero trust implementation.
“Absent additional significant action, the U.S. government risks zero trust becoming an incomplete experiment – a collection of disjointed technical security projects measured in years – rather than the foundation of an enduring, coherent, and transformative strategy measured in decades,” the report states.
The committee explained that while the Office of Management and Budget’s Federal Zero Trust Strategy is limited to a 2 ½ year period, the government must take significant policy actions now “to institutionalize a culture of zero trust” that will last long term.
The NSTAC unanimously approved the draft report and its recommendations during a Feb. 23 meeting, according to reporting from NextGov.