This post is also available in: heעברית (Hebrew)

No more reliance on perimeter-based legacy firewalls to prevent breaches. Zero Trust is a significant departure from the traditional network security models. The Zero Trust Architecture security model assumes that “a breach is inevitable or has likely already occurred, so it constantly limits access to only what is needed and looks for anomalous or malicious activity.”  

Now, the entire US federal government should be able to make “meaningful progress” on implementing zero trust within the next three years, according to the Cybersecurity and Infrastructure Security Agency (CISA).

Nearly two months after President Joe Biden signed his cybersecurity executive order setting up multiple sprints for agencies to harden their security posture, a long-term vision for zero trust adoption across agencies is coming into focus.

For the first time, Zero Trust was referred to as a security requirement all federal agencies need to adopt and work by.

The program is expected to result in strategies and roadmaps that will build momentum on cyber policy through the rest of the Biden administration.

CISA, under the cyber executive order Biden signed in May, put out a zero trust maturity model that focused on the five pillars critical for agencies — identity, device, network, application workload and data.

Matt Hartman, CISA’s deputy executive assistant director for cybersecurity, said the transition toward zero trust will rely in part on agencies embracing automation solutions such as continuous validation and real-time machine learning analytics. “As agencies will transition toward optimal zero trust implementations, their solutions will become more automated, they’ll fully integrate across pillars, and they’ll become more dynamic in their policy enforcement decisions,” he said.

But with more than 100 civilian agencies of varying size and maturity levels, Hartman said the executive order avoids a one-size-fits-all approach moving to zero trust.

“For a lot of agencies, success will come down to starting small, not trying to boil the ocean at once, remaining agile,” he said.

Hartman said CISA in the fourth quarter of fiscal 2021 is focused on purchasing capabilities for agencies related to identity and access management. Deploying these capabilities through CDM and continuing to work on an enhanced version of EINSTEIN One, which will bring in a richer set of threat indicators, according to