Advancing zero trust

NSTAC Recommends Setting Up Zero Trust Office at CISA

The National Security Telecommunications Advisory Committee said the Cybersecurity and Infrastructure Security Agency should establish a new office that would implement zero trust principles.

According to a new NSTAC report, the office will serve as a management center of excellence for zero trust and will be a hub for zero trust-related implementation guidance, reference architectures, capability catalogs and training modules. It should also coordinate with the Department of Defense’s Zero Trust Program Office about best practices, Nextgov reported Thursday.

The zero trust office is one of several recommendations that NSTAC provided in its report, which was unanimously approved during a hearing on Wednesday. The committee also recommended that the government ramp up efforts to ensure that identity management and zero trust initiatives are implemented in the long run.

The committee also noted that the Office of Management and Budget’s Federal Zero Trust Strategy is appropriately projected over a 30-month period. Other recommendations include having the chief information security officer and the national cyber director come up with zero trust metrics and reporting requirements and advance zero trust at international standard bodies.

The report is the second of three documents that the National Security Council required. In November, NSTAC recommended that agencies invest in automating software assurance.

The committee will create a report on information technology and operational technology used in industrial control systems.