The Keys to Implementing Zero Trust are People, Process, Tech
Partnerships with private sectors and user-centric frameworks are key to defending against cyber adversaries.

Agencies must holistically invest in a strategic model, like the “people, process, technology” framework when implementing asset management and zero-trust architecture to successfully defend against cyberthreats and enhance overall resilience, government leaders said during a FedInsider webinar.
“I always use the framework because change adoption and user acceptance are very important when cybersecurity fields are implementing a change,” said Bureau of Engraving and Printing (BEP) Acting Deputy Director and Chief Administrative Officer Harry Singh. “We’re in the process of implementing zero trust excellence, so as we deploy tools, it’s always going to be user-centric planning with feedback mechanisms.”
Singh said it’s imperative to educate users, instruct the impact of the change, gather feedback and embrace emerging challenges as opportunities instead of setbacks. He added that creating a situational awareness program will always result in positive output.
As agencies integrate cyber asset management practices, federal government partnerships with the private sector can be instrumental in establishing security standards for software development.
“It’s quite a challenge, but whether it’d be with public or private corporations, we must look at how we can all buy into the same policies and concepts to reduce risks,” said Government Accountability Officer CISO Mark Canter. “It’s a group effort and it goes into the ‘see something, say something’ slogan. As we move forward, everyone must understand risks, not just for their specific responsibilities, but for the larger risk of the organization.”
“When establishing security standards for software development, maybe we can have a software-secure label, just like we have an FDA-approved drug label,” Singh added.
According to the Cybersecurity and Infrastructure Security Agency (CISA), the five pillars of zero trust architectures are identity, device, application workload and data. Singh emphasized that neglecting any one of these pillars may likely result in an incomplete model.
The core of BEP’s approach to maintain visibility across their network and improve threat detection and response is leveraging the three W’s of zero trust: who’s accessing the network, what actions are they performing, and where on the network can they be found, Singh said.
“Our primary strategies focus on the management of identity and data, but answering all of these questions in real time is crucial and represents your agency’s current stage,” Singh said. “I’ve learned in this zero-trust journey that it’s very important to choose tools that integrate well with our existing architecture.”
This is a carousel with manually rotating slides. Use Next and Previous buttons to navigate or jump to a slide with the slide dots
-
The Next AI Wave Requires Stronger Cyber Defenses, Data Management
IT officials warn of new vulnerabilities posed by AI as agencies continue to leverage the tech to boost operational efficiency.
5m read -
Federal CIOs Push for ROI-Focused Modernization to Advance Mission Goals
CIOs focus on return on investment, data governance and application modernization to drive mission outcomes as agencies adopt new tech tools.
4m read -
DOD Can No Longer Assume Superiority in Digital Warfare, Officials Warn
The DOD must make concerted efforts to address cyber vulnerabilities to maintain the tactical edge, military leaders said at HammerCon 2025.
4m read -
Tracking CIOs in Trump's Second Term
Stay informed on the latest shifts in federal technology leadership as new CIOs are appointed and President Trump's second term takes shape.
6m read -
Inside Oak Ridge National Lab’s Pioneer Approach to AI
Energy Department’s Oak Ridge National Lab transforms AI vulnerabilities into strategic opportunities for national defense.
22m listen -
AWS Summit: Innovation Accelerates IT Delivery at DOD
Marine Corps Community Services is tackling outdated IT processes with agile development and cutting-edge cloud security to deliver mission-critical capabilities faster.
12m watch -
AWS Summit: NIST Secures High-Performance Computing Against Evolving Threats
NIST’s Yang Guo reveals the broad attack surface of high-performance computing and explains developing guidance and future-proofing security strategies.
9m watch -
Trump Overhauls Federal Cybersecurity with New Executive Order
The new directive aims to strengthen digital defenses while rolling back "burdensome" software requirements and refocusing AI security.
3m read -
AWS Summit: Forging Successful Cloud Modernization Partnerships
Industry leaders share insights on the critical role industry partnerships have in enabling government agencies to navigate procurement challenges for cloud and zero trust solutions.
24m watch Partner Content -
CISA's CVE Program and Why it Matters for Zero Trust
The vulnerability program provides the cybersecurity community visibility into software as part of a key pillar of CISA's zero trust model.
5m read -
Air Force, Coast Guard Talk Data Security Efforts for AI Development
The services' AI initiatives include efforts like creating clean training data, countering data poisoning and bridging siloed teams.
4m read -
DHS Secretary Urges Congress to Reauthorize CISA 2015
Federal leaders highlight CISA 2015's role in strengthening public-private partnerships and defending against evolving cyber threats.
3m read