DRAFT FOR PUBLIC COMMENT
SUBJECT: Moving the U.S. Government Towards Zero Trust Cybersecurity Principles
AUTHOR: Office of Management and Budget
I.Overview
The United States Government faces increasingly sophisticated and persistent cyber threat campaigns that target its technology infrastructure, threatening public safety and privacy, damaging the American economy, and weakening trust in Government.
Every day, the Federal Government executes unique and deeply challenging missions: agencies safeguard our nation’s critical infrastructure, conduct scientific research, engage in diplomacy, and provide benefits and services for the American people, among many other public functions. To deliver on these missions effectively, our nation must make intelligent and vigorous use of modern technology and security practices, while avoiding disruption by malicious cyber campaigns.
Successfully modernizing the Federal Government’s approach to security requires a Government-wide endeavor. In May of 2021, the President issued Executive Order (EO) 14028, Improving the Nation’s Cybersecurity,[1] initiating a sweeping government-wide effort to ensure that baseline security practices are in place, to migrate the Federal Government to a zero trust architecture, and to realize the security benefits of cloud-based infrastructure while mitigating associated risks.
- ↑ Exec. Order No. 14028, 86 FR 26633 (2021). https://www.federalregister.gov/d/2021-10460
