Moving the U.S. Government Towards Zero Trust Cybersecurity Principles - Draft for Public Comment/Purpose
II. Purpose
In the current threat environment, the Federal Government can no longer depend on perimeter-based defenses to protect critical systems and data. Meeting this challenge will require a major paradigm shift in how Federal agencies approach cybersecurity.
As described in the Department of Defense Zero Trust Reference Architecture,[1] “The foundational tenet of the Zero Trust Model is that no actor, system, network, or service operating outside or within the security perimeter is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in philosophy of how we secure our infrastructure, networks, and data, from verify once at the perimeter to continual verification of each user, device, application, and transaction.”
This strategy envisions a Federal zero trust architecture that:
- Bolsters strong identity practices across Federal agencies;
- Relies on encryption and application testing instead of perimeter security;
- Recognizes every device and resource the Government has;
- Supports intelligent automation of security actions; and
- Enables safe and robust use of cloud services.
[1] “Department of Defense (DOD) Zero Trust Reference Architecture,” https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf
This work is in the public domain in the United States because it is a work of the United States federal government (see 17 U.S.C. 105).