Zero trust adoption
Labor Department Establishes Public-Private Sector Team Focused on Zero Trust
The Department of Labor has established a team of agency officials and industry experts to identify what needs to be done in order to achieve zero trust.
The creation of the public-private sector team was necessary to keep up with the tight deadlines imposed by President Joe Biden in his recent cybersecurity executive order, according to Paul Blahusch, the agency’s chief information security officer.
Biden’s EO requires the development of an agency-wide plan for zero trust architecture and implementation within 60 days, FCW reported.
One of the team’s first accomplishments was proposing 21 strategic initiatives around zero trust, complete with detailed timelines. The plan is to close the gap between the agency’s current cyber posture and the target state outlined in the EO, Blahusch said at an FCW cybersecurity workshop.
Team members analyzed potential weaknesses and identified seven necessary zero trust components: device, network, data, analytics, microsegmentation, penetration testing and workload protection.
Zero trust has grown from simply being a popular buzzword to becoming a central part of agencies’ cybersecurity strategies amid the increasing need to better secure federal networks.
A new initiative by the National Institute of Standards and Technology is expected to give agencies a blueprint on how to move forward with zero trust adoption.
NIST’s National Cybersecurity Center of Excellence recently announced that it will be partnering with 18 tech companies to design and deploy federally compliant zero-trust security architectures. The NCCoE will then release an NIST Cybersecurity Practice Guide in the Special Publication 1800 series detailing approaches to implement the reference designs.
Some of the companies included in the project are Amazon Web Services, Cisco Systems, FireEye, IBM, Microsoft, Palo Alto Networks and Zscaler.
Category: Federal Civilian