Cybersecurity model

GSA to Release Zero Trust Implementation Playbooks Containing Specific Steps

The General Services Administration plans to publish a collection of zero trust implementation playbooks in the coming months, a technology official said.

Kiran Balsa, the deputy director of the information technology modernization division in GSA’s Office of Government-wide Policy, said the documents are aimed at addressing the lack of specific steps in existing zero trust guides, FCW reported.

One such guidance is the National Institute of Standards and Technology’s Special Publication 800-207, which offers general recommendations for deployment and identifies what use cases zero trust is effective for.

In late 2021, the Cybersecurity and Infrastructure Security Agency published a draft of its zero trust maturity model. The document provides a template for zero trust strategies and presents ways that the agency can provide support.

According to Balsa, GSA plans to release about six playbooks covering topics such as base capability requirements, identity, devices and network applications.

“There’s a lot there, and it can all be distilled down in simple terms. That’s what we’re trying to do – and then provide actual guidance to agencies,” Balsa said at a Digital Government Institute event.

GSA began developing the playbooks earlier in 2022 with the help of the Federal CIO Council. Thomas Santucci, director of GSA’s Data Center and Cloud Optimization Initiative Program Management Office, previously said that the playbooks can serve as a central resource for the government’s other guidelines, MeriTalk reported.

Zero trust is a modern cybersecurity architecture that is a key element of President Joe Biden’s May 2021 executive order on modernizing federal cybersecurity.