In January 2022, the Biden Administration issued its latest memorandum relating to cybersecurity. The Presidential Action is titled “Memorandum on Improving the Cybersecurity of National Security, Department of Defense, and Intelligence Community Systems.” The memorandum further clarifies elements that were laid down in May 2021’s Executive Order 14028.
While the approach lays down the requirements of the U.S. government, and is generally supported by the IT sector, many agencies are left wondering where they will find the resources to be able to comply.
Looking at the core issues associated with the recent statement from the White House for Digital Journal is Paul Martini, CEO of Zero Trust cloud security firm iboss.
Martini’s main focus is on the NIST 800-207 portion of the memorandum, particularly how the new requirements can help reduce the cyber-risk posed by distributed workforces and data.
NIST (National Institute of Standards and Technology) Special Publication 800-207 is a series of cybersecurity measures and guidelines highlighting the core components of Zero Trust principles.
Zero Trust refers to a conceptual shift of network defenses toward a more comprehensive IT security model, one that enables organizations to restrict access to networks, applications, and environments without affecting performance. In essence, a Zero Trust approach trusts no one.
This is achieved through a combination of approaches such as strong authentication methods and network segmentation. Despite the rhetoric, achieving Zero Trust is not easy: firms that claim to have achieved it have not necessarily done so, and data breaches still occur.
Martini’s assessment of the new U.S. government statement is that the approach to security is to be welcomed. He explains: “Biden’s memorandum includes a requirement that decision makers develop a plan to implement Zero Trust Architecture according to the NIST 800-207 Special Publication.”
This matters, says Martini, because such measures are “critical for government agencies as well as enterprises, who should follow the federal lead, as this architecture enables organizations to reduce cyber risk by protecting resources that are located everywhere and accessible from anywhere.”
Such measures are reflective of the way workplace technology has shifted, notes Martini. He explains: “The shift of applications, data and resources to the cloud has distributed sensitive information everywhere, making organizations vulnerable to data loss, destruction and loss of availability. This can have critical implications on the country’s cybersecurity posture and we’re pleased with the Biden Administration’s decision to act decisively to help remediate this issue.”