Search
Appgate SDP
SDP Overview
Learn how Appgate SDP reduces risk and complexity, and why it's the industry's most comprehensive Zero Trust network access solution.
How Appgate SDP Works
Find out about the inner-workings of the most flexible and adaptable Zero Trust Network Access solution available today.
SDP Integrations
Explore security, IT and business-system integrations that can enhance and help you adapt Appgate SDP to your existing workflows
SDP for Developers
Access developer tools and resources to maximize the value of your Appgate SDP deployment.
Zero Trust Network Access for:
Risk-Based Authentication
Overview
Learn how Risk-Based Authentication provides a frictionless, intelligent and data-informed approach to user authentication.
Strong Authentication
Find out how you can provide secure, frictionless access with the right multi-factor authentication method.
Transaction Monitoring
Explore the tools you can use to intelligently identify and prevent online fraud.
Behavioral Biometrics Service
Learn how behavioral analysis and machine learning stop fraudulent online web activity in real-time.
Secure Consumer Access for:
Digital Threat Protection
Overview
Discover how you can gain unparalleled threat visibility and the risk management tools that enable early identification and elimination of potential attacks.
Key Features
Take a deep dive into the features and tools contained within our industry-leading Digital Threat Protection (DTP) solution.
SECURE NETWORK ACCESS

Michael FriedrichDecember 9, 2021

Federal March to Zero Trust Security: CISA’s Guidance Focuses on Four Pillars

The Office of Management and Budget (OMB), the Department of Defense (DoD), the U.S. Air Force (USAF), the Defense Information Systems Agency (DISA) and now the Cybersecurity and Infrastructure Security Agency (CISA) have created or are in the process of finalizing Zero Trust security guidance.

Share

The federal government spotlight on Zero Trust security also has been underscored by Congress looking into legislation to support the May 2021 executive order on Improving the Nation’s Cybersecurity. And the National Institute of Science and Technology (NIST) has released SP 800-207 on Zero Trust architecture and is conducting a CRADA research project with key industry partners, including Appgate, to provide NIST-approved best practices for implementing Zero Trust security.

For those of us serving in the federal cybersecurity space, it seems logical, based on the executive order, that CISA will be the key player in helping agencies in their journey to Zero Trust security. Toward that end, CISA drafted its Zero Trust Maturity Model in June 2021 and opened it up for public comment, in which Appgate participated. Now it is adjudicating those comments and will publish an update soon. CISA’s draft Zero Trust Maturity Model establishes a set of focus pillars for agencies, which are:

  1. Identity: Refers to an attribute or set of attributes that uniquely describe an agency user or entity.Agencies should ensure and enforce that the right users and entities have the right access to the right resources at the right time
  2. Device: Refers to any hardware asset that can connect to a network, including internet of things (IoT) devices, mobile phones, laptops, servers and others. A device may be agency-owned or bring-your-own-device (BYOD). Agencies should inventory devices, secure all agency devices and prevent unauthorized devices from accessing resources.
  3. Network/Environment: Refers to an open communications medium used to transport messages, including agency internal networks, wireless networks and the internet. Agencies should segment and control networks and manage internal and external data flows.
  4. Application Workload: Includes agency systems, computer programs and services that execute on-premises, as well as in a cloud environment. Agencies should secure and manage the application layer as well as containers and provide secure application delivery.

When talking about Zero Trust security we must always account for the fact that it is a journey to implement a Zero Trust architecture, not a sprint. Agencies have many application workloads and dependencies that must be accounted for along this journey. Further, they need to truly identify the five Ws—who, what, where, when and why—that never seem to go away. They are like Moore’s law and must be answered to complete each project plan and execute on Zero Trust security goals.

But, let me provide a word of caution from a leading company in this space: no one product, company or service provider will have all the answers and that is okay! The ultimate guidance CISA will provide as its optimal end goal will lay out critical areas of focus for federal government agencies to execute on. The industry now needs to help ensure plans are thorough, well thought out, measurable for success and will achieve those end state goals as defined.

For more on how our Appgate Federal Division is leading the way, please visit www.appgate.com/federal-division.

Additional resources:

Blog: Appgate and Rackspace Government Cloud Deliver FedRAMP-Approved Solution
Blog: Federal agencies: make a secure and scalable move to cloud with Zero Trust
Infographic: 2021 Zero Trust Market Dynamics study
Webinar replay: Zero Trust for Critical Infrastructure

Receive News and Updates From Appgate