Federal CISO Says Zero Trust Implementation Has Started
Chris DeRusha, federal chief information security officer, said at a CyberScoop event that the Office of Management and Budget has begun implementing zero trust across the government. He explained that work is ongoing to assist agencies with cybersecurity cost management and formally establish a broad cultural shift.
According to DeRusha, long-term adoption hinges upon government transparency regarding zero trust spending, FedScoop reported.
The OMB’s move is the latest development in efforts to overhaul federal network security. In August, a Cybersecurity and Infrastructure Security official highlighted the formation of a working group focused on addressing obstacles to zero trust funding. Agencies currently rely upon vehicles such as the Technology Modernization Fund and the Federal High-Value Asset program to finance cyber upgrades.
January saw the release of Memorandum M-22-09, an OMB document that set whole-of-government implementation deadlines for zero trust. It laid out a roadmap for agencies to reach specific requirements by fiscal year 2024, including the integration of multifactor authentication and attribute-based access control systems.
The memorandum was a refinement of a draft strategy released in September 2021. OMB’s efforts followed the release of the Executive Order on Improving the Nation’s Cybersecurity in May of that year.
Tags: Chris DeRusha cybersecurity Cybersecurity and Infrastructure Agency FedScoop Office of Management and Budget zero trust