The White House has released its federal zero trust strategy, which will require agencies to meet certain cybersecurity standards and objectives by the end of fiscal 2024.
According to Security Week, the strategy builds upon the executive order signed by President Biden in May 2021 to improve the cyber defences of the US.
When a zero-trust model is introduced, no user, system, service or network that operates inside or outside the security perimeter is trusted and every access attempt must be verified.
The memorandum from the Office of Management and Budget will require agencies to hit certain goals by the end of 2024. Security Week noted that these goals focus on identity, devices, networks, applications, and workloads.
Furthermore, agency staff will be mandated to use enterprise-managed identities to access work applications and use phishing-resistant multi factor authentication. Agencies will have to have a complete inventory of devices and visibility into those devices for incident prevention, response and detection.
Government agencies will also be required to encrypt traffic on their networks and implement network segmentation. Applications will be required to be routinely tested and agencies are advised to welcome external vulnerability reports.
In addition, access to sensitive data will need to be monitored and enterprise-wide logging and information sharing systems must be implemented.
Copyright © 2022 FinTech Global
