Zero trust architecture

OMB Wants Real-Time Scoring System for Commercial Authentication Tools

The White House’s Office of Management and Budget is mulling the creation of a real-time trustworthiness scoring system for commercial zero trust solutions.

Dan Chandler, chief information security officer in OMB’s Management and Operations division, explained that agencies rely on authentication tools made by companies like Google, Amazon and Microsoft.

However, people’s trust in systems like Google Authenticator may change because of certain incidents. Chandler said that with OMB’s proposed system, a tool’s trust score may drop if a zero-day vulnerability is discovered.

Zero trust is a key element of President Joe Biden’s May 2021 federal cybersecurity executive order. While agencies have accelerated their zero trust efforts, a lack of funding and expertise remains for systems like the one Chandler envisions, FedScoop reported Thursday.

“System may be too strong a word. This is an idea that we’re starting to develop,” Chandler said at an Advanced Technology Academic Research Center webinar.

Chandler added that the OMB is transitioning its existing MAX .gov authentication system to the General Services Administration.

MAX .gov is a web-based suite of collaboration, information-sharing and business intelligence tools used government-wide, according to its website.

Before the end of 2022, GSA will create an alternative to MAX .gov that, according to Chandler, will be built on Microsoft’s Azure Active Directory identity service.