Security Magazine logo
search
cart
facebook twitter linkedin youtube
  • Sign In
  • Create Account
  • Sign Out
  • My Account
Security Magazine logo
  • NEWS
    • Security Newswire
    • Technologies & Solutions
  • MANAGEMENT
    • Leadership Management
    • Enterprise Services
    • Security Education & Training
    • Logical Security
    • Security & Business Resilience
    • Profiles in Excellence
  • PHYSICAL
    • Access Management
    • Fire & Life Safety
    • Identity Management
    • Physical Security
    • Video Surveillance
    • Case Studies (Physical)
  • CYBER
    • Cybersecurity News
    • More
  • BLOG
  • COLUMNS
    • Cyber Tactics
    • Leadership & Management
    • Security Talk
    • Career Intelligence
    • Leader to Leader
    • Cybersecurity Education & Training
  • EXCLUSIVES
    • Annual Guarding Report
    • Most Influential People in Security
    • The Security Benchmark Report
    • The Security Leadership Issue
    • Top Guard and Security Officer Companies
    • Top Cybersecurity Leaders
    • Women in Security
  • SECTORS
    • Arenas / Stadiums / Leagues / Entertainment
    • Banking/Finance/Insurance
    • Construction, Real Estate, Property Management
    • Education: K-12
    • Education: University
    • Government: Federal, State and Local
    • Hospitality & Casinos
    • Hospitals & Medical Centers
    • Infrastructure:Electric,Gas & Water
    • Ports: Sea, Land, & Air
    • Retail/Restaurants/Convenience
    • Transportation/Logistics/Supply Chain/Distribution/ Warehousing
  • EVENTS
    • Industry Events
    • Webinars
    • Solutions by Sector
    • Security 500 Conference
  • MEDIA
    • Videos
      • Cybersecurity & Geopolitical Discussion
      • Ask Me Anything (AMA) Series
    • Podcasts
    • Polls
    • Photo Galleries
  • MORE
    • Call for Entries
    • Classifieds & Job Listings
    • Continuing Education
    • Newsletter
    • Sponsor Insights
    • Store
    • White Papers
  • EMAG
    • eMagazine
    • This Month's Content
    • Advertise
  • SIGN UP!
CybersecurityManagementSecurity NewswireCybersecurity News

White House instructs agencies to adopt zero trust approach to cybersecurity

By Maria Henriquez
white-house-freepik1170x658.jpg
January 27, 2022

The White House has instructed federal agencies to officially move towards a zero trust approach to cybersecurity to reduce the risk of cyberattacks against the government’s digital infrastructure.


The federal strategy, released by the Office of Management and Budget (OMB), represents a crucial step in delivering on President Biden’s Executive Order on Improving the Nation’s Cybersecurity. 


Zero trust will help agencies detect, isolate, and respond to different types of threats more rapidly. By detailing a series of specific security goals for agencies, the new strategy will serve as a comprehensive roadmap for shifting the federal government to a new cybersecurity paradigm that will help protect public safety, privacy and infrastructure. While the concept behind zero trust is not new, the implications of shifting away from “trusted networks” are new to most enterprises, including many agencies, the OMB said. 


The strategy requires agencies to meet specific cybersecurity standards and objectives by the end of 2024. In addition, the strategy places a significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA), and envisions a government where: 


  • Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks.
  • The devices that federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources.
  • Agency systems are isolated, and the network traffic flowing between and within them is reliably encrypted.
  • Enterprise applications are tested internally and externally and can be made available to staff securely over the internet.
  • Federal security teams and data teams work together to develop data categories and security rules to automatic.


“Security is the cornerstone of our efforts to build exceptional digital experiences for the American public,” said Federal Chief Information Officer Clare Martorana. “Federal agency CIOs and IT leadership are leaning into this challenge, and the zero trust strategy provides a clear roadmap for deploying technology that is secure by design and responsive to the needs of our workforce so they can better deliver for the American public.”


The strategic goals established by the OMB align with the Cybersecurity and Infrastructure Security Agency (CISA) ’s five pillars:


1. Identity: Agency staff use enterprise-managed identities to access the applications they use in their work. Phishing-resistant MFA protects personnel from sophisticated online attacks.

2. Devices: The federal government has a complete inventory of every device it operates and authorizes for government use, and can prevent, detect, and respond to incidents on those devices.

3. Networks: Agencies encrypt all DNS requests and HTTP traffic within their environment and begin executing a plan to break down their perimeters into isolated environments.

4. Applications and Workloads: Agencies treat all applications as internet-connected, routinely subject their applications to rigorous empirical testing, and welcome external vulnerability reports.

5. Data: Agencies are on a clear, shared path to deploy protections that make use of thorough data categorization. Agencies are taking advantage of cloud security services to monitor access to their sensitive data and have implemented enterprise-wide logging and information sharing.


Lucas Budman, CEO, TruU, explains, “The initial step in any successful zero trust strategy should focus on granting access by verifying the person requesting access, understanding the context of the request, and determining the risk of the access environment. This never trust, always verify, enforce least privilege approach provides the greatest security for organizations. It’s also important in a zero trust construct to recognize that devices that access data (laptops, desktops, mobile devices) have identities, as well. You must understand the device’s posture when accessing the network to provide proper device-level authentication and authorization. If the user only has access to non-sensitive or public information, the enterprise may not care that their device might have malware; however, if the user is trying to access sensitive financial or customer data, access should only be given to those devices that are managed, trusted and protected. In any case, simultaneous device risk data and identity authentication allow users to implement policies that respond to potential threats as they happen by stepping up identity verification on compromised endpoints and limiting access to high-value assets associated with those endpoints.”


“As part of any digital transformation, zero trust networks should be a key initiative that focuses on securing resources (data, identities, and services), rather than securing physical networks,” explains Anurag Gurtu, CPO, StrikeReady. “By focusing on tailored controls around sensitive data stores, applications, systems, and networks, the zero trust model shifts the focus away from varying types of authentication and access controls. The zero trust initiative should be supported by other key initiatives such as modernizing the security operations as well as uniting and empowering cyber defenders. Without one of these, an organization’s security will be shaky at best.”


OMB and CISA will work with agencies throughout zero trust implementations to capture best practices, lessons learned and additional agency guidance on a jointly maintained website at zerotrust.cyber.gov.

KEYWORDS: cyber security risk management White House strategy zero trust

Share This Story

Looking for a reprint of this article?
From high-res PDFs to custom plaques, order your copy today!

Maria Henriquez is a former Associate Editor of Security. She covered topics including cybersecurity and physical security, risk management and more.

Recommended Content

JOIN TODAY
To unlock your recommendations.

Already have an account? Sign In

  • Security's Top Cybersecurity Leaders 2024

    Security's Top Cybersecurity Leaders 2024

    Security magazine's Top Cybersecurity Leaders 2024 award...
    Security Enterprise Services
    By: Security Staff
  • cyber brain

    The intersection of cybersecurity and artificial intelligence

    Artificial intelligence (AI) is a valuable cybersecurity...
    Cybersecurity
    By: Pam Nigro
  • artificial intelligence AI graphic

    Assessing the pros and cons of AI for cybersecurity

    Artificial intelligence (AI) has significant implications...
    Cybersecurity
    By: Charles Denyer
Manage My Account
  • Security eNewsletter & Other eNews Alerts
  • eMagazine Subscriptions
  • Manage My Preferences
  • Online Registration
  • Mobile App
  • Subscription Customer Service

More Videos

Sponsored Content

Sponsored Content is a special paid section where industry companies provide high quality, objective, non-commercial content around topics of interest to the Security audience. All Sponsored Content is supplied by the advertising company and any opinions expressed in this article are those of the author and not necessarily reflect the views of Security or its parent company, BNP Media. Interested in participating in our Sponsored Content section? Contact your local rep!

close
  • Crisis Response Team
    Sponsored byEverbridge

    Automate or Fall Behind – Crisis Response at the Speed of Risk

  • Perimeter security
    Sponsored byAMAROK

    Why Property Security is the New Competitive Advantage

  • Duty of Care
    Sponsored byAMAROK

    Integrating Technology and Physical Security to Advance Duty of Care

Popular Stories

Coding

AI Emerges as the Top Concern for Security Leaders

Half open laptop

“Luigi Was Right”: A Look at the Website Sharing Data on More Than 1,000 Executives

Shopping mall

Victoria’s Secret Security Incident Shuts Down Website

Laptop with coding on ground

Stepping Into the Light: Why CISOs Are Replacing Black-Box Security With Open-Source XDR

Gift cards and credit cards

Why Are Cyberattacks Targeting Retail? Experts Share Their Thoughts

2025 Security Benchmark banner

Events

June 24, 2025

Inside a Modern GSOC: How Anthropic Benchmarks Risk Detection Tools for Speed and Accuracy

For today's security teams, making informed decisions in the first moments of a crisis is critical.

July 17, 2025

Tech in the Jungle: Leveraging Surveillance, Access Control, and Technology in Unique Environments

From animal habitats to bustling crowds of visitors, a zoo is a one-of-a-kind environment for deploying modern security technologies.

View All Submit An Event

Products

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

Security Culture: A How-to Guide for Improving Security Culture and Dealing with People Risk in Your Organisation

See More Products

Related Articles

  • cybercamera

    Why Financial Services Must Adopt a Zero Trust Approach to Cybersecurity

    See More
  • Five hands circled together

    The new normal: How to embrace a cultural approach to zero trust

    See More
  • Computer keyboard

    NIST & zero trust: What federal agencies can learn from the private sector

    See More

Related Products

See More Products
  • databasehacker

    The Database Hacker's Handboo

See More Products

Events

View AllSubmit An Event
  • September 3, 2024

    From DDoS Protection to WAAP: How Layered Protection Enhances Your Cybersecurity Strategy

    ON DEMAND: By participating in the webinar, attendees will gain enhanced knowledge of cyber threats and understand the current spectrum of cyber threats facing businesses.
  • March 6, 2025

    Why Mobile Device Response is Key to Managing Data Risk

    ON DEMAND: Most organizations and their associating operations have the response and investigation of computers, cloud resources, and other endpoint technologies under lock and key. 
View AllSubmit An Event
×

Sign-up to receive top management & result-driven techniques in the industry.

Join over 20,000+ industry leaders who receive our premium content.

SIGN UP TODAY!
  • RESOURCES
    • Advertise
    • Contact Us
    • Store
    • Want More
  • SIGN UP TODAY
    • Create Account
    • eMagazine
    • eNewsletter
    • Customer Service
    • Manage Preferences
  • SERVICES
    • Marketing Services
    • Reprints
    • Market Research
    • List Rental
    • Survey/Respondent Access
  • STAY CONNECTED
    • LinkedIn
    • Facebook
    • YouTube
    • X (Twitter)
  • PRIVACY
    • PRIVACY POLICY
    • TERMS & CONDITIONS
    • DO NOT SELL MY PERSONAL INFORMATION
    • PRIVACY REQUEST
    • ACCESSIBILITY

Copyright ©2025. All Rights Reserved BNP Media.

Design, CMS, Hosting & Web Development :: ePublishing