CISA establishing new office focused on zero trust
The Cybersecurity and Infrastructure Security Agency is opening up an office dedicated to helping federal agencies implement zero trust security principles, leaning further into the Biden administration’s push toward broader adoption of the framework.
Speaking Thursday at CyberScoop’s Zero Trust Summit, Sean Connelly, CISA’s senior cybersecurity architect and trusted internet connections program manager, said the agency’s Zero Trust Initiative Office is intended to provide federal agencies with more comprehensive trainings and resources.
“We’re working with various organizations to support broad training,” Connelly said. “We also have some in-house training we’ve done with a number of agencies [and have made available] playbooks and guidance [for] agencies that want to know how to move toward zero trust.”
The new office will offer expanded training on zero trust principles and will also include an effort to better identify the skills and knowledge needed for successful implementations of the architecture. The office’s playbooks will build on current CISA resources, specifically the agency’s Zero Trust Maturity Model and Trusted Internet Connections 3.0.
Connelly said the office will also focus on community building and collaboration, some of which will come in the form of expanded relationships with interagency partners and the broader IT community. A slide deck presented by Connelly highlighted the creation of two zero trust interagency working groups centered on practitioners and network modernization.
Finally, the office will be tasked with assessing agencies’ zero trust maturity. Connelly said the agency is working with the Office of Management and Budget about how agencies can “move forward” through the stages laid out in CISA’s model. CISA, OMB and others will work together to develop metrics and benchmarks that track agencies’ progress toward maturity.
The establishment of CISA’s new zero trust-focused office builds upon the principles laid out in the National Institute of Standards and Technology’s “Zero Trust Architecture” publication, the strategies detailed in OMB’s zero trust strategy and a 2021 executive order focused on cybersecurity.
