
Zero Trust and Improving the Nation's Cybersecurity


Overview

In May 2021, the Biden Administration issued an executive order aimed at enhancing the nation's cybersecurity. Although it was issued over a year and a half ago, the order remains of paramount significance today.

Executive Order (EO) 14028 mandates a significant shift in how the US federal government approaches cybersecurity. A key pillar of this initiative is the adoption of a Zero Trust security model.

Zero Trust is a security approach with the core principle of "Never trust, always verify." It assumes no user, device, or service is inherently trustworthy, even if they're already inside the government network. Every attempt to access data or systems requires rigorous verification, regardless of location or apparent origin.

Zero Trust is a significant shift in how governments approach cybersecurity. It's a complex process, not a one-time fix. There is no single technology, product, or service that can achieve the goals of implementing a Zero Trust architecture (ZTA); it requires a multi-faceted approach.

CISA's Zero Trust Maturity Model Pillars


Zero Trust principles become even more critical due to the interconnected nature of modern supply chains and the potential risks posed by third-party vendors, suppliers, and partners. Supply chain attacks, where adversaries target the weakest link in the supply chain to infiltrate a target organization, have become increasingly prevalent and damaging in recent years. By applying Zero Trust principles to the supply chain, organizations can therefore mitigate the risks associated with third-party dependencies and enhance their resilience against supply chain attacks.

Video Highlights

Intended Takeaways

  • Zero Trust is a security framework that assumes that threats can originate from both internal and external sources, and thus, trust should not be automatically granted to any entity.
  • Successfully implementing Zero Trust is a comprehensive approach that emphasizes continuous verification, strict access controls, and least privilege principles.
  • By applying Zero Trust principles to the supply chain, organizations can mitigate the risks associated with third-party dependencies and enhance their resilience against supply chain attacks.

Contributors and Partners


Rosa Underwood

Ms. Rosa Underwood is an IT Specialist in the IT Security Subcategory within the Information Technology Category (ITC), Federal Acquisition Service (FAS), supporting the transition to a more modernized and resilient infrastructure. She also contributes to GSA initiatives for the adoption and integration of cybersecurity into the acquisitions process to help strengthen the resiliency of the supply chain government-wide.

About ITVMO

The Information Technology Vendor Management Office (ITVMO) serves as a trusted advisor and advocate for Federal IT acquisitions. Established in October 2020 within the Governmentwide Category Management Framework by the Office of Management and Budget (OMB), the ITVMO aims to address the challenges faced by agencies in IT vendor relationship management, including standardizing technical requirements, mitigating cyber-risk, improving data quality, and leveraging the government's buying power to drive improvements and business transformation. The ITVMO's mission is to provide agencies with meaningful intelligence to inform and support faster, smarter IT buying decisions. It operates within the Federal IT Acquisitions Ecosystem, collaborating with various stakeholders, including agency IT buyers, vehicle solution holders, federal and industry partners, and suppliers (and resellers). Visit our website today!
