Federal CIO says agencies are nearing completion of zero-trust implementation
The White House is closing in on total zero-trust implementation across agencies as the Sept. 30 deadline approaches quickly, its top IT official said Wednesday.
During a panel at the Billington Cybersecurity Summit in Washington, D.C., federal CIO Clare Martorana announced that the 24 Chief Financial Officers Act agencies are all in the “high 90% range” for zero-trust architecture. Additionally, Martorana said that metrics have shown, broadly, that federal entities have moved from 81% to 87% in completion rates.
“For every agency, it is a journey, it is not a destination,” Martorana said. “You don’t get to a place called zero trust and it’s unicorns and rainbows. It is a journey that we have to be on and that also requires consistent funding.”
The federal CIO pointed to the Technology Modernization Fund as a way that agencies have been able to fund cybersecurity initiatives — Martorana said that 83% of TMF investments “went to cybersecurity helping agencies get on the path to zero trust.”
Martorana said that three agencies led in using these investments for zero-trust implementation and came out the other end with lessons learned, ready to share. One of those agencies, she said, was “really dealing with [an] extraordinary burden of a lot of legacy IT.”
“We were able to understand what worked, what didn’t work and move out on that,” Martorana said of watching those three agencies. “It is a continued journey that the government is going to go through for many years, but I can see real progress.”
On Thursday at Billington, General Services Administration CIO Dave Shive said his agency was one of those that received TMF funding for zero trust.
Martorana “did not name the agencies” on Wednesday, Shive said, “but I can say that GSA was one of the agencies.”
During a Scoop News Group-produced Amazon Web Services event in May, several agency IT officials expressed confidence in hitting the Sept. 30 deadline. Department of the Interior CISO Stan Lowe said at the time that zero trust “is a journey” and acknowledged the presence of legacy IT systems and applications being a part of the path to zero trust “because technology is going to change.”
The Office of Management and Budget did not respond to a request for comment by the time of publication.
