Government Moves to Implement Comprehensive Zero Trust Security

The federal government is taking concrete steps to implement zero trust across major agencies following last year’s cybersecurity executive order.
Speaking at the GovCIO Media & Research Cyberscape: ID forum, OMB Senior Advisor on Technology and Cybersecurity to the Federal CIO Eric Mill outlined the steps agencies have taken to protect against an evolving threat environment.
At its core, zero trust involves moving beyond a network perimeter-based approach to data protection and placing a greater focus on user credentialing and authentication to either stop unwanted access or diminish its reach and severity.
Mill noted this requires anticipating that some form of network breach may be inevitable, and designing your approach to security around staunching the harm from malicious actors.
“What we lay out in the strategy is taking seriously this concept of least privilege, of untrusted networks, and of just fundamentally assuming compromise at some level. Assuming that pieces of your organization, your network, your devices, your applications, any piece of them could be compromised and designing your enterprise architecture to expect that,” Mill said.
While the executive order emphasizes these kinds of baseline standards, it has also left considerable room for agencies to build their own cybersecurity strategy that reflects their own IT systems and access concerns.
“We do have a number of mandatory requirements in this … but it leaves a lot of flexibility within that as agencies undergo enterprise architecture reform to decide how they’re going to meet some of those things, and ultimately how they’re going to structure their enterprise,” Mill said.
Mill outlined that the executive order, and the federal government’s subsequent move towards embracing zero trust, was a response to recent large-scale network breaches that revealed the flaws of America’s public sector cybersecurity.
“A number of the things that led to this were in the news pretty widely. The cybersecurity Executive Order followed in short order from the Colonial Pipeline attack, and before that, the SolarWinds attack,” Mill said.
The core lesson of these attacks for policymakers and agency technologists is that not all breaches can be predicted or fully stopped, and that instating forms of security beyond the network periphery will block malicious actors from using this unwanted access to push into adjacent networks, as occurred during the SolarWinds incident.
“We won’t predict all of these attacks in advance. What it means to protect from an advanced supply chain attack as we saw with SolarWinds involves protecting one of your network boxes from being popped and then using that to rummage around other things that are inside your organization,” Mill said.
Agencies have instead moved towards an identity-based approach to cybersecurity, particularly as a means of limiting the harm of a network breach.
“The identity pillar is the first pillar in our strategy. It’s sort of the first among equals because it is the foundation of much of what you can do. Some people describe zero trust as moving your new boundary to identity instead of your network router or your perimeter,” Mill said.
Going forward, Mill recommended federal agencies examine other potential vulnerabilities, including by noting the potential access points in applications that are used across disparate organizations.
“Analyzing application vulnerabilities is going to be very critical for authentication systems, and I think is probably one of the places where folks are going to focus the most effort,” Mill said.