The release of the Office of Management and Budget’s (OMB) Federal zero trust strategy earlier this year has put agencies into planning mode to meet new cybersecurity requirements. Some agencies already had a head start on zero trust, as they were working towards it as part of their modernization strategy under the Modernizing Government Technology Act. And while it sounds like a lot to budget and plan for, these two initiatives can complement one another.
Federal zero trust strategy
The zero trust strategy issued by OMB in January 2022 originated with Executive Order 14028, which President Biden issued in May 2021 to improve the nation’s cybersecurity. Zero trust was just one of many topics in the Executive Order, which also covered improving threat information sharing, software supply chain security, and incident detection and remediation. (1)
The OMB’s zero trust architecture strategy includes several objectives that must be met by the end of fiscal year 2024 and strategic goals around identity, devices, networks, applications and workloads, and data that align with the zero trust model developed by the Cybersecurity and Infrastructure Security Agency (CISA). It also emphasizes stronger enterprise identity and access controls and moving away from traditional trusted networks. (2)
Modernizing Government Technology Act (MGTA)
This bill, signed in late 2017, authorized agency CFOs to establish an IT system modernization and working capital fund to improve, retire, or replace existing systems, including migrating to the cloud, to improve efficiency and security. It also created a Technology Modernization Fund (TMF) to help provide the money to make those improvements happen. (3) The TMF received additional funding in 2021 as part of the American Rescue Plan. (4)
While initial plans have already been submitted to comply with the zero trust architecture strategy, implementation will face challenges along the way. IT modernization is still ongoing, and many legacy tools currently in use were designed for legacy security. Gartner identified the acceleration of legacy modernization as one of the top ten government technology trends for 2022, (5) and modernization will need to continue alongside the shift to zero trust.
2 – Moving the U.S. Government Toward Zero Trust Cybersecurity Principles, The White House, January 2022
3 – H.R.2227 – MGT Act, U.S. House of Representatives, December 2017
4 – Guidelines on the American Rescue Plan Funding, The Technology Modernization Fund, March 2021
5 – Gartner Unveils the Top 10 Government Technology Trends for 2022, Gartner, February 2022