The US Office of Management and Budget (OMB) today published details of a government-wide strategy for adopting zero-trust architecture principles across federal agency networks.
Agencies are required to adopt specific standards and security practices by fiscal year 2024 that encompass the security of user identities, devices, networks, applications, and data. These include multifactor authentication, full accounting of all devices authorized for use in government, encrypting all DNS and HTTP traffic, regular security testing of all applications, and adoption of data categorization and cloud security services to monitor data access.
"This strategy is a major step in our efforts to build a defensible and coherent approach to our federal cyber defenses," said National Cyber Director Christopher Inglis in a statement. "We are not waiting to respond to the next cyber breach. Rather, this Administration is continuing to reduce the risk to our nation by taking proactive steps towards a more resilient society."
Details of the feds' new zero-trust strategy was issued in a memorandum by OMB.