Education CISO Sees Zero Trust as Key to Improved CX
Identity management remains a focal point for the agency as it enters the second phase of its zero-trust migration plan.
The Department of Education’s zero-trust architecture implementation plan prioritizes enhancing the user experience for both employees and the public, CISO Steven Hernandez told GovCIO Media & Research on CyberCast while discussing the agency’s strategy.
The White House cybersecurity executive order requires agencies to have strong identity management and to implement multi-factor authentication and encryption for data, both at rest and in transit throughout their systems.
Hernandez said a primary undertaking has been to create a process for identity proofing, in which an employee provides information about their identity to establish a known identity for access to agency infrastructure, as with a personal identity verification (PIV) card.
“If you’re working in the federal government, if you’re an employee or a contractor working directly with us, we want you to have a very high level of identity proofing,” Hernandez said. “Usually that happens when we get our badge or our PIV. We bring two forms of ID with us. We put down biometric fingerprints, and we have our photo taken. And all of that gets matched up to say, ‘OK, we have a very strong opinion that Steven is who he claims to be.’ Then, our goal is to then use that identity as the prime identity for any system access.”
The successor to the executive order, the Office of Management and Budget’s memorandum 22-09, also calls on agencies to secure public-facing systems by offering citizens the same level of authentication as federal employees. This would give citizens choices as to how strong they want their interaction with the government to be.
“We want people to say if they need something from the government, they can go to Login.gov, log in with their strong identity and authenticator and then have the ability to request access to multiple government systems,” Hernandez said. “If we give them a single front door with a single strong way to get in and access it, we’re going to win every time.”
Identity proofing is also a focus for the agency for its citizen-facing services. Hernandez said the technology allows citizens to use a camera for a higher level of identity proofing.
“We can’t get up to the highest levels, but the intermediate levels of proofing we can do through a camera. Goal one is to make that available as kind of the first right,” Hernandez said. “If we can keep people in the comfort of their home or wherever they want to be, that’s what we want to do.”
Hernandez cited a pilot between the U.S. Postal Service and the General Services Administration to offer identity proofing solutions at post offices.
“Even Congress has taken notice of this, and there’s been some proposed legislation that authorizes the post office under law to do identity proofing and collect funds for it and also issue authenticators,” Hernandez said. “This is exactly the direction we should be going as a modern digital society.”