Zero Trust and Improving the Nation's Cybersecurity
Overview
In May 2021, the Biden Administration issued an executive order aimed at enhancing the nation's cybersecurity. Despite being issued over a year and a half ago, the significance of this order remains paramount even today.
Executive Order (EO) 14028 mandates a significant shift in how the US federal government approaches cybersecurity. A key pillar of this initiative is the adoption of a Zero Trust security model.
Zero Trust is a security approach, with the core principle of Never trust, always verify." It assumes no user, device, or service is inherently trustworthy, even if they're already inside the government network and every attempt to access data or systems requires rigorous verification, regardless of location or apparent origin.
Zero Trust is a significant shift in how governments approach cybersecurity. It's a complex process, not a one-time fix. There is no single technology, product, or service that can achieve the goals of implementing a ZTA, it requires a multi-faceted approach.
CISA's Zero Trust Maturity Model Pillars
Zero Trust principles become even more critical due to the interconnected nature of modern supply chains and the potential risks posed by third-party vendors, suppliers, and partners. Supply chain attacks, where adversaries target the weakest link in the supply chain to infiltrate a target organization, have become increasingly prevalent and damaging in recent years. Therefore applying Zero Trust principles to the supply chain, organizations can mitigate the risks associated with third-party dependencies and enhance their resilience against supply chain attacks.
Video Highlights
Intended Takeaways
- Zero Trust is a security framework that assumes that threats can originate from both internal and external sources, and thus, trust should not be automatically granted to any entity.
- Successfully implementing Zero Trust is a comprehensive approach that emphasizes continuous verification, strict access controls, and least privilege principles.
- By applying Zero Trust principles to the supply chain, organizations can mitigate the risks associated with third-party dependencies and enhance their resilience against supply chain attacks.
Contributors and Partners
Rosa Underwood
Ms. Rosa Underwood is an IT Specialist in the IT Security Subcategory within Information Technology Category (ITC), Federal Acquisition Service (FAS), supporting the transition to a more modernized and resilient infrastructure. She also contributes to GSA initiatives for the adoption and integration of cybersecurity into the acquisitions process to help strengthen the resiliency of the Supply Chain, Government-wide.
Additional Resources
Executive Order on Improving the Nation’s Cybersecurity
OMB’s Federal Zero Trust Strategy
About ITVMO
The Information Technology Vendor Management Office (ITVMO) serves as a trusted advisor and advocate for Federal IT acquisitions. Established in October 2020 within the Governmentwide Category Management Framework by the Office of Management and Budget (OMB), the ITVMO aims to address the challenges faced by agencies in IT vendor relationship management, including standardizing technical requirements, mitigating cyber-risk, improving data quality, and leveraging the government's buying power to drive improvements and business transformation. The ITVMO's mission is to provide agencies with meaningful intelligence to inform and support faster, smarter IT buying decisions. It operates within the Federal IT Acquisitions Ecosystem, collaborating with various stakeholders, including agency IT buyers, vehicle solution holders, federal and industry partners, and suppliers (and resellers). Visit our website today!
