The White House on Wednesday published a final version of its zero-trust architecture strategy, which is intended to substantially improve the cybersecurity of government agency systems by 2024.
Key aspects of the new document include a new enhanced focus on multi-factor authentication, a requirement that departments move towards encrypting all DNS requests and HTTP traffic, and begin to segment their network perimeters into separate isolated environments.
The finalized plan comes after the Office of Management and Budget in September last year published a draft zero trust document that identified top cybersecurity priorities, including the consolidation of agency identity systems and treating all internal networks as untrusted.
Included in the new document are a number of concrete deadlines by which senior technology leaders must ensure certain security measures are enacted.
Within 60 days of the memorandum being issued, agencies must incorporate the additional requirements identified in the document and submit an implementation plan for fiscal 2022-2024 to OMB and CISA for review.
The new memo requires also that within 120 days, agency chief data officers must work with their staff to develop a set of initial categorizations for sensitive electronic documents within their departments that could be used to automatically monitor and restrict the sharing of sensitive documents.
According to the new guidance, agencies must also create reliable asset inventories through participation in CISA’s Continuous Diagnostics and Mitigation program. They must ensure also that endpoint detection and response tools meet CISA’s techn ..
Support the originator by clicking the read the rest link below.
