Substantial work is required to meet the mandates laid out in the EO. OMB, for example, said it expects that “moving to a zero trust architecture will be a multiyear journey for agencies, and the Federal government will learn and adjust as new technologies and practices emerge.”

[…]

To better protect critical operations against attacks, President Biden issued the Executive Order (EO) on
Improving the Nation’s Cybersecurity, which outlines actions that Federal agencies must take to fortify our
nation’s digital infrastructure. A central element of the EO is a mandate to adopt a Zero Trust architecture.

[…]

Bryan Rosensteel has spent more than a decade working with identity in the Federal government. As a Federal solutions architect at identity services provider Ping Identity, he advises government agencies on best practices for deploying zero trust security architecture. When President Biden issued the Executive Order on Improving the Nation’s Cybersecurity (EO), Rosensteel was positively […]

[…]

Security teams find themselves in perpetual cybersecurity crisis mode, trying to catch a breach quickly, limit the spread within the network, and remediate. Is there another way?

[…]

A new cybersecurity paradigm is emerging, and a Zero Trust Architecture is at its core. President Biden’s Cybersecurity Executive Order affirmed the importance of moving to zero trust to protect government’s most sensitive assets. But how can agencies achieve zero trust security, alongside similar mandates to move to cloud infrastructure? This video from DLT and AWS explores the latest advances in cloud security for Federal agencies.

[…]

Federal agencies face increasingly skillful and potent cyberthreats from state-sponsored attackers, supply chain infiltration, insidious ransomware, and silent network lurkers, but a trio of actions can protect against those assaults.

[…]

With the U.S. Federal Government largely moving to a hybrid or work-from-home environment, this workforce
presents a series of new concerns for IT Security professionals.

[…]

A comprehensive approach to network visibility and security requires a new way of thinking. As networks continue to rapidly grow in capacity, complexity, and flexibility, the historical approach of bolting on sensors for visibility does not scale in terms of cost or labor. And bolted-on equipment does not always evolve with the network.

[…]

Public sector agencies face a daunting set of challenges as society adjusts to the post-COVID-19 environment. Whether it is federal, state and local government, military, law enforcement, or blue light responders, all disciplines that previously depended on in-person processes have been forced to pivot to digital alternatives at an
uncomfortable speed.

[…]

Cybersecurity in the federal government today is reactive and tactical. It’s filled with activities such as reviewing and closing out alerts in a security information and event management (SIEM) system, searching for indicators of compromise from a breach, or conducting incident response investigations. But a seismic shift is occurring as agencies move toward a proactive approach in which they trust nothing and verify everything.

[…]

Widespread breaches by hostile actors, the rising number of remote employees and bring-your-own-device (BYOD), the
growth of software as a service (SaaS), and cloud migration have rendered perimeter-based security obsolete. The Zero
Trust approach to cybersecurity — now mandated by a Presidential Executive Order — is growing rapidly in the public
sector. Zero Trust shifts security away from the perimeter, and closer to an organization’s most valuable assets.

[…]

IT and security teams have certainly risen to the occasion to keep organizations and their employees productive through one of the wildest years in history. Humans are resilient creatures, and those in the technology world certainly did not disappoint. But as the world begins to recover from it all, technology has evolved with some notable changes, requiring organizations to rethink many of their operational fundamentals.

[…]

Prior to the COVID-19 pandemic, about 80 percent of Federal agencies were using more than one cloud platform, and 85 percent said the pandemic amplified the importance of moving to a hybrid cloud environment in order to improve government
resiliency. The Biden administration’s May 2021 cybersecurity executive order further amplified the push for cloud computing, as the president called on agencies to accelerate their movement to secure cloud services.

[…]

Federal agency efforts to improve IT operations are graded each year via the FITARA Scorecard, which measures progress against the objectives laid out in the Federal Information Technology Acquisition Reform Act (FITARA), a comprehensive piece of legislation designed to create greater transparency and improve risk management in Federal IT.

[…]

From ransomware to malware to hackers trying to break through barriers inside and outside of the network, no industry is immune to bad actors finding ways around traditional cybersecurity, including the Federal government.

[…]

The Federal government and our economy run on data, so it must be available, trusted, and most of all secure. These three requirements are inextricably linked, and a string of high-profile and damaging cybersecurity events in the last year have made this fact crystal clear.

[…]

The safety and security of our critical infrastructure has never been more important than it is today. Adversaries have advanced capabilities and are constantly targeting these systems; consequently, investments in cyber security are expected to top $17 billion in 2021. Still, continued investments in new solutions will not realize their full potential unless foundational capabilities are in place.

[…]

The SolarWinds Orion breach sent powerful shockwaves through the public sector IT community already on heightened alert throughout the pandemic. The event was a powerful reminder of continued escalation of the threat landscape. It also, however, presents an ideal opportunity to rethink public sector cybersecurity strategies and accelerate the adoption of zero-trust architectures across the enterprise.

[…]

Once an agency establishes its vision for zero trust and begins to shift the collective mindset to “never trust, always verify,” a series of tactical steps can ease the zero trust journey by breaking it down into manageable, incremental components.

[…]

This guide lays out a practical approach in five phases for implementing Zero Trust for the Federal Workforce, which comprises
an agency’s users and their devices, and how they access applications.

[…]

1 2 3