New report promotes Zero Trust Security

New report promotes Zero Trust Security

Silverfort, photo illus. network cyber by Pixabay
photo illus. network cyber by Pixabay

This post is also available in: heעברית (Hebrew)

A zero-trust approach is an approach in the field of IT and cyber security defining access to the design and deployment of IT networks. As part of the approach, devices cannot be trusted by default, so it advocates mutual authentication regardless of location and only approves access to applications and services if the devices’ identity and health are verified.

A recent report by the National Security Telecommunications Advisory Council recommended the zero-trust approach should be fully tested. While most U.S. federal agencies are examining the approach, planning needs to be expanded and long-term goals should be set. A report sent to President Biden late last month offers specific recommendations that outline how zero trust can be implemented across government and industry, and argues that its implementation represents not just a technological shift but also a shift in how we view cybersecurity as a whole.

Federalnewsnetwork.com reports that one of the recommendations in the report is to establish a civilian zero trust program office under the Cybersecurity and Infrastructure Security Agency. Implementation guidance, reference architectures, capability catalogs, training modules, and an excellence center of government-wide knowledge management will be available from this office. A Civilian equivalent of the Defense department’s zero-trust approach (Department Zero Trust Program Office), the two offices will coordinate and collaborate on all practice matters.

The report also calls for the U.S. government to develop more mature standards along with consolidated guidelines concerning the zero-trust approach and to increase collaborations with the industry and international standards bodies in order to come up with uniform and consistent standards.

These standards are vital for measuring and determining whether regulations need to be revised, or whether the program is progressing as expected. Also, the government will be able to evaluate the success of various initiatives by using the standards it establishes.