OMB has issued for comment a draft strategy for carrying out a Biden administration executive order to “accelerate agencies towards a shared baseline of early zero trust maturity.”
“While the concepts behind zero trust architectures are not new, the implications of shifting away from “trusted networks” are new to most enterprises, including many Federal agencies. This will be a journey for the federal government, and there will be learning and adjustments along the way as agencies and policies adapt to new practices and technologies.,” says a notice https://zerotrust.cyber.gov.
In addition to technical requirements—explained in more detail in an accompanying document from the DHS Cybersecurity and Infrastructure Security Agency—the document calls for stronger controls for federal employees and contractors to access agency systems. These would include strengthening multi-factor authentication requirements, password policies and protections against phishing attacks, among others.