White House Sets Zero Trust Implementation Deadlines for Agencies

The White House’s Office of Management and Budget has released a memorandum requiring government agencies to meet certain cybersecurity goals by fiscal year 2024.

The federal zero trust architecture strategy was developed in response to the increasing sophistication of the cyber threats faced by the government, OMB acting Director Shalanda Young said in the memo released Wednesday.

Young said that the directive supports the implementation of President Joe Biden’s May 2021 executive order on modernizing the government’s cybersecurity.

One of the executive order’s key elements is zero trust, a modern security architecture that operates on the assumption that no entity—inside out outside a network’s security perimeter—should be trusted.

The goals outlined in OMB’s memo are based on the zero trust maturity model published by the Cybersecurity and Infrastructure Security Agency in September 2021, Young said.

OMB highlighted the five lines of effort endorsed by CISA’s model: the adoption of enterprise-managed identities, creation of a completed inventory of government devices, encryption of network and internet traffic, protection of internet-connected devices and the use of cloud security services for sensitive data.

An official at CISA recently announced plans to update the zero trust maturity model to help agencies meet the White House’s cybersecurity goals.

Young said that agencies have two months to provide OMB and CISA details on their plan to implement the strategy from fiscal year 2022 through the end of fiscal year 2024.

OMB also gave agencies 30 days to designate their organization’s zero trust strategy implementation lead, which will serve as the White House’s point person for government-wide coordination.