Date: 2024-02-21

The Cybersecurity and Infrastructure Security Agency (CISA) is establishing the Zero Trust Initiative Office. This new office is specifically designed to aid federal agencies in adopting and implementing zero trust security principles, aligning with the Biden administration’s overarching push towards the widespread adoption of this cybersecurity framework.

Sean Connelly, CISA’s Senior Cybersecurity Architect and Trusted Internet Connections Program Manager, announced the initiative during a recent summit. The primary objective of the Zero Trust Initiative Office is to provide federal agencies with more comprehensive training and resources, ensuring a robust implementation of zero trust security principles.

Connelly highlighted that the office is collaborating with various organizations to offer extensive training programs. Additionally, the initiative includes in-house training sessions conducted with multiple agencies, alongside the provision of playbooks and guidance for agencies seeking to transition to a zero trust model.

The key features of the Zero Trust Initiative Office encompass expanded training on zero trust principles, a focus on identifying necessary skills and knowledge for successful architecture implementations, and the development of playbooks building upon existing CISA resources like the Zero Trust Maturity Model and Trusted Internet Connections 3.0.

Community building and collaboration are crucial components of the initiative, fostering relationships with interagency partners and the broader IT community. The establishment of two zero trust interagency working groups, centred on practitioners and network modernization, is set to promote collaboration and knowledge-sharing.

The office will also play a pivotal role in assessing agencies’ zero trust maturity. Working in conjunction with the Office of Management and Budget (OMB), CISA aims to guide agencies through the stages outlined in its Zero Trust Maturity Model, which includes the new “Initial” maturity stage.

Zero trust security involves restricting access to data, networks, and infrastructure to the minimum required, with continuous verification of access legitimacy. Recognizing that organizations embark on their zero trust journey from diverse starting points, the updated Zero Trust Maturity Model introduces the “Initial” stage, acting as a guide to assess maturity for each pillar.

Furthermore, CISA, OMB, and other stakeholders will collaborate to develop metrics and benchmarks tracking agencies’ progress toward zero trust maturity. The establishment of CISA’s dedicated zero trust-focused office aligns with the principles outlined in the National Institute of Standards and Technology’s “Zero Trust Architecture” publication, OMB’s zero trust strategy, and a 2021 executive order emphasizing cybersecurity measures.