White House orders agencies to switch to zero trust architecture

News IT United States 27 JAN 2022
White House orders agencies to switch to zero trust architecture

The US Office of Management and Budget released a finalised federal strategy that establishes the initial details of the US government's move to a 'zero trust' security model. The release of the strategy comes after an executive order issued by President Joe Biden in May 2021 with the aim of securing the country's digital borders, as well as a draft strategy that the OMB released in September.

Biden's order initiated a sweeping government-wide effort to ensure that baseline security practices are in place, to migrate the federal government to a zero trust architecture, and to realise the security benefits of cloud-based infrastructure while mitigating associated risks. 

This memorandum sets forth a federal zero trust architecture (ZTA) strategy, requiring agencies to meet specific cyber-security standards and objectives by the end of fiscal year 2024 in order to reinforce the government’s defenses against increasingly sophisticated and persistent threat campaigns. Those campaigns target federal technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in government. 

This strategy envisions several actions. First, federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks. Second, the devices that federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources. 

Third, agency systems are isolated from each other, and the network traffic flowing between and within them is reliably encrypted. Fourth, enterprise applications are tested internally and externally, and can be made available to staff securely over the internet. 

Last, federal security teams and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorised access to sensitive information. 

This strategy places significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication. Tightening access controls will require agencies to leverage data from different sources to make intelligent decisions, such as analysing device and user information to assess the security posture of all activity on agency systems. 

Categories:

ITInternet

Countries:

United States

Tags:

Government policy

Related Articles

UNITED STATES 6 JUN 2022

Perimeter 81 obtains USD 100 mln Series C funding led by B Capital

US cyber-security specialist Perimeter 81 completed a USD 100 million Series C funding round led by B Capital and is now valued at USD 1 billion. Participating investors include Insight Partners, Toba Capital, ION Crossover Ventures, Entree Capital and publicly traded Spring Ventures. The financing will support Perimeter 81's activities in the network security market by accelerating its growth, hiring and development. It has more than doubled its annual recurring revenue (ARR) year on year. 

UNITED STATES 19 MAY 2022

Redcom announces ZKX Solutions business unit for zero-trust operations

Redcom Laboratories announced the formation of a new independent business unit, ZKX Solutions, focusing on authentication for Zero Trust networks. The first release from ZKX Solutions is a robust authentication engine built on a foundation of zero-knowledge proofs. ZKX is meant to increase operational flexibility and instantly improve security, because no secrets are stored on the server or transmitted on the network.

UNITED STATES 13 APR 2022

Operational Technology Cybersecurity Coalition starts in the US

The Operational Technology Cybersecurity Coalition has formed in the US, bringing together the companies Nozomi Networks, Claroty, Forescout, Honeywell and Tenable. Each counts decades of experience in building, protecting and defending US industrial control systems and critical infrastructure assets. 

GLOBAL 16 MAR 2022

SentinelOne to acquire Attivo Networks for USD 617 mln

SentinelOne, an autonomous cybersecurity platform company, entered into a definitive agreement to acquire Attivo Networks, an identity security and lateral movement protection company. With this acquisition, SentinelOne said it extends its AI-powered prevention, detection, and response functionalities to identity-based threats, setting the standard for XDR and accelerating enterprise zero trust adoption. 

GLOBAL 10 MAR 2022

Cloud Security Alliance launches Zero Trust Advancement Center

The Cloud Security Alliance (CSA) announced the launch of the Zero Trust Advancement Center. This initiative is being made possible by CrowdStrike, Okta and Zscaler. The centre brings together several existing research and educational projects at CSA that will be disseminated online and through its global network of chapters. 

UNITED STATES 24 JAN 2022

FCC proposes fresh rules to improve broadband competition in buildings

The Federal Communications Commission (FCC) has made a proposal that it says will promote competition on the broadband services market, for people living and working in multiple tenant premises. If adopted, the measures in the Report and Order and Declaratory Ruling would help ensure tenants can choose their own provider, by stopping practices that have evaded long-existing FCC rules.

UNITED STATES 10 JAN 2022

NTIA calls for input on allocating new broadband funding from infrastructure law

The US government has started a public consultation on how to distribute new public broadband funding. The Department of Commerce's National Telecommunications and Information Administration (NTIA) called for public comment on a range of policy and program considerations associated with new broadband grant programs funded by the Infrastructure Investment and Jobs Act. These include the Broadband Equity, Access, and Deployment Program, the Enabling Middle Mile Broadband Infrastructure Program, and the State

UNITED STATES 12 NOV 2021

US tightens ban on sale on Huawei, ZTE network equipment

US President Joe Biden has signed legislation prohibiting companies deemed a threat to national security from selling telecom equipment in the US. The Secure Equipment Act, passed by both houses of Congress in October, will see the FCC extend a ban on suspect network equipment in federal-funded networks to cover also new equipment purchased with private or other public funds. The law targets products from Chinese suppliers such as Huawei, ZTE and Hytera, which are considered a risk to US security due to the

UNITED STATES 8 NOV 2021

US Infrastructure Act allocates USD 65 billion towards high-speed internet for all

The US House of Representatives passed the Infrastructure Investment and Jobs Act on 6 November. The bill will see the distribution of USD 1.85 trillion over ten years to a number of public works programmes, including the expansion of broadband internet. It now goes to President Joe Biden for signature.

UNITED STATES 23 SEP 2021

Lookout joins US govt project on zero-trust standards

Lookout announced that it's collaborating with US National Institute of Standards and Technology's National Cybersecurity Center of Excellence (NCCoE) in its 'Implementing a Zero Trust Architecture' project.

UNITED STATES 21 SEP 2021

US security agencies split on sanctions against Honor - report

US security agencies are divided over whether to place Honor, the smartphone maker spun off from Huawei, on the export blacklist, the Washington Post reports. It will be up to political leaders at the agencies to decide whether the Chinese company should face restrictions on doing business with US companies. 

UNITED STATES 26 AUG 2021

Google, Microsoft, Apple back US govt push for more cybersecurity awareness

The White House has confirmed a meeting between President Joe Biden and major corporate leaders to discuss ways to improve cybersecurity in the US. The summit resulted in several measures announced by Apple, Google, Microsoft and Amazon to improve security in the tech industry. 

UNITED STATES 26 AUG 2021

Google to invest USD 10 bln over next five years to strengthen cyber-security

Google has announced it will invest USD 10 billion over the next five years to strengthen cyber-security, including expanding zero-trust programmes, helping secure the software supply chain, and enhancing open-source security. The company will also invest in expanding the application of its Supply Chain Levels for Software Artifacts (SLSA) framework to protect the key components of open-source software widely used by many organisations. Google has in addition pledged to train 100,000 people in the US, throu

UNITED STATES 13 APR 2021

Biden government names Easterly head of cybersecurity agency

Jen Easterly has been nominated the new head of the US Cybersecurity and Infrastructure Agency. She helped develop Biden's cyber policy during the campaign and previously worked as Deputy for Counterterrorism at the National Security Agency. Most recently she worked at Morgan Stanley since 2017 leading its cyber defense strategy.

Just In

19 DEC 16:42

SLT-Mobitel launches 5G network in Sri Lanka

19 DEC 16:19

Dialog Axiata launches 5G network, connects 1.5 million subscribers

19 DEC 15:56

UK govt to ban AI-enabled nudification apps to protect women, girls

19 DEC 15:42

3 UK launches last-minute Christmas sale

Commentary

13:56

Video market set for slower growth ahead

11:38

Netflix buys Warner Bros to deepen content catalogue

11:11

KPN's mixed performance in Q3 raises questions for strategy day

15:26

Stock markets breaking records but what happened to Odido's IPO plans?

Background

01:04

The week in telecom: Wi-Fi bolt-ons take off to boost broadband growth, video market works on consolidation

01:39

The week in telecom: Netflix wins bidding for Warner Bros, Apple poaches new execs, Samsung debuts trifold

13:51

Proximus vs. Telenet: Proximus performs better in Q3 while Telenet uses up cash

14:16

Proximus Domestic still struggling with low margins

Complete profile

Before downloading the whitepaper, we would like to ask you to complete your profile with company and position. After confirming you will receive the white paper.