Agencies Are Overhauling Security; Others Focus on Specific Goals
Such collective efforts got a boost last April when the Cybersecurity and Infrastructure Security Agency published version 2.0 of its Zero Trust Maturity Model. The model offers agencies a comprehensive blueprint for implementing zero trust principles across five “pillars,” but leaves it to agencies to establish their own particular path to meeting zero-trust goals.
“Federal agencies find themselves at various stages of zero-trust implementation,” says Michael Duffy, associate director for capacity building in CISA’s cybersecurity division. “The model has accelerated diverse responses, with some agencies opting for comprehensive overhauls of their architectures and cybersecurity posture. Other agencies are adopting a more focused strategy, concentrating on modernizing specific pillars.”
Duffy says agencies have trended toward prioritizing identity solutions, especially as they aim to bolster their overall security posture while creating a seamless digital experience for employees, citizens and agency partners. Many are also focused on data tagging and categorization.
“As agencies continue to migrate toward zero-trust architectures, their mindsets must shift to a data-centric approach to cybersecurity,” Duffy says. “This is the pillar where we have the most to improve.”