Understanding the Transition to Zero Trust

The Zero Trust Journey

Modernizing cyber defenses is necessary to protect our nation’s sensitive information systems. The Biden administration established the implementation of the Zero Trust methodology as part of Executive Order 14028, Improving the Nation’s Cybersecurity.

Initially developed by John Kindervag, the concept has now expanded to ensure every attempt to access data, no matter how mundane, requires authorization. The National Security Telecommunications Advisory Committee (NSTAC) defines Zero Trust as “a cybersecurity strategy premised on the idea that no user or asset is to be implicitly trusted. It assumes that a breach has already occurred or will occur. Therefore, a user should not be granted access to sensitive information by a single verification done at the enterprise perimeter. Instead, each user, device, application, and transaction must be continually verified.”

The goal behind Zero Trust is to “prevent unauthorized access to data and services by access control enforcement.” After full implementation, the federal government hopes to adopt reliable encrypted networks, organization-managed accounts with full access to necessary resources, and continuous tracking, monitoring, and securing of work devices and sensitive materials. While not a new concept within cybersecurity, organizations like RELI Group actively support federal customers in actualizing this business model and provide the technical acumen needed to execute these risk reduction measures.

National Security Telecommunications Advisory Committee

NSTAC produced a Report to the President on Zero Trust and Trusted Identity Management in February of 2022. It illustrates the most comprehensive methods of defining, assessing and applying the Zero Trust model to each area in the designated pillars.

Knowing where your organization is currently is critical in identifying your starting point on this journey. That is where a focused team of subject matter experts, like the Cybersecurity Team at RELI, can support the organizational assessment via the CISA Zero Trust Maturity Model (ZTMM) to reduce agency risk.

In this dynamic model, organizations often find themselves proficient in some areas more than others. Organizations can be categorized as traditional, advanced or optimal in terms of their level of Zero Trust optimization using the ZTMM. Assessing opportunities and vulnerabilities within the maturity model allows organizations to plan, build and maintain a secure Zero Trust Architecture.

Join the Discussion on Zero Trust with RELI Group at Cyber Maryland!

RELI is a presenting sponsor at this year’s Cyber Maryland Governance & Policy Forum on March 15, 2023. We invite you to join our team of cybersecurity experts in discussing Zero Trust, Executive Order 14028 and more! To learn about our current cybersecurity capabilities, please visit www.RELIgroupinc.com/capability/cyber-security-operations.