DHS Releases Zero-Trust Implementation Strategy
The strategic approach recalls previous efforts made by the agency and highlights five key areas of focus for agency components.
The Department of Homeland Security (DHS)’s zero-trust implementation strategy released last week outlines five areas for how the agency plans to implement zero trust architecture.
“Much of the work of implementing zero trust, for any organization, is just work. It does not involve procuring or installing new technology, but may (and usually will) involve integrating and using existing technology in new ways, consistent with zero trust principles,” according to the plan.
The strategy highlights five main areas of focus: building on foundational efforts, standardization and interoperability, enterprise services, accelerators and governance. By focusing on the areas together, DHS plans to protect department resources, stabilize cybersecurity efforts and accelerate mission outcomes.
Although the strategy is dated October 2023, the agency underwent a process to get it released last week, DHS National Security Cyber Division Director Don Yeske clarified in a LinkedIn post.
For the past several years, DHS has been working on implementing zero-trust architecture across multiple departments, including U.S. Customs and Border Protection.
“Notable achievements in the first several years of DHS’ zero trust journey include establishing a cloud security gateway now used by most of the department in lieu of virtual private networks, implementing multi-factor authentication and data encryption in-transit and at-rest across almost all DHS systems, and integrating identity and device management solutions that are essential for further zero trust implementation efforts,” according to the strategy.
DHS plans to measure the success of this strategy by monitoring customer experience and operation resiliency, two things government agencies have been focusing on after a 2021 executive order to transform the government customer experience and a 2021 executive order on cybersecurity.
The strategy also emphasizes that it’s not a plan, but rather a framework to ensure the planning, execution and measurement of implementing zero trust across the agency.
“It is intended to guide the decisions and actions of DHS headquarters and components to achieve reinforcing effects, accelerate implementations, and help assure success,” the document reads. “Updates to this strategy, along with further guidance and direction aligned with this strategy, will be issued as needed through the CISO Council and other governing bodies.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
DOD Has a New Cyber Resiliency Assessment Program
Defense officials tout the continuous assessment feature and scalability of the new program amid increased cyber threats.
5m read -
Cyber Resilience and Recovery Amid Evolving Cyber Threats
Data durability is a key aspect of NIST’s cybersecurity framework for public and private organizations.
21m listen -
How TMF is Helping Agencies Accelerate Tech Modernization
The program launched a new AI pilot to expedite TMF applications as agency leaders urge more to consider applying for funds.
4m read -
Energy Researchers Aim For Holistic Approach to AI Issues
A new center at the Oak Ridge National Laboratory is looking at under-researched areas of AI to better understand how to secure it.
2m read