CISA Assisting White House in Developing Zero Trust Strategy

The Biden Administration is preparing a strategy to allow organizations to better use security systems designed to detect threats within networks, according to Matt Hartman, the deputy executive assistant director of the Cybersecurity and Infrastructure Security Agency.

Hartman said Tuesday that CISA is helping the White House work on the zero trust strategy with assistance from the National Institute of Standards and Technology and the National Security Agency, among others.

The CISA official made the remarks during a MeriTalk-hosted event focused on a May 12 executive order that directed government agencies to develop zero trust implementation plans, Nextgov reported.

During the June 22 event, Hartman discussed a recently released CISA document that attempts to clarify the principles of zero trust.

The document also provides options for steps that federal agencies can take to navigate the implementation process.

CISA’s draft zero trust model has five pillars: identity, device, network, application workload and data.

According to Harman, the model has markers along three stages toward achieving a mature architecture that employs the zero trust principle. He emphasized that continual identity verification is important in a security system that assumes the occurrence of a breach.

Meanwhile, Bryan Ware, former CISA assistant director for cybersecurity, noted that the government will face challenges in determining the truthfulness of various organizations claiming to provide zero trust solutions.

At the event, he acknowledged that the government should not spend years working on the zero trust strategy before getting into the implementation and execution phases. However, he said that if the government moves too fast, there could be many “misses and mis-deployments.”

To control the number of vendors allowed to serve the government, Ware recommended using CISA’s Cybersecurity Quality Services Management Office Marketplace to choose the appropriate solution providers.