Just under half of federal agencies are expected to meet all zero trust requirements by OMB’s 2024 deadline as laid out in President Biden’s 2021 cybersecurity executive order, according to a new survey by GDIT.
According to the study, 49% of respondents felt their department was likely to meet all requirements on time, while 14% expected to meet the zero trust requirements ahead of schedule.
GDIT found also that 21% of federal IT leaders surveyed felt their agency would meet the majority of requirements on time, but not all. Of staff canvassed, 8% thought their department would meet some requirements on time, but not the majority.
The federal contractor surveyed 300 prequalified federal mission and IT decision-makers, of which 40% worked at defense agencies and 60% worked at federal civilian agencies.
The findings come ahead of the one-year anniversary of President Biden’s executive order 14028 on improving the nation’s cybersecurity. The EO mandated each federal agency within 60 days to develop plans to implement zero-trust architectures and prioritize the adoption of cloud technology.
According to the survey, 30% of survey respondents felt that OMB’s federal zero trust strategy guidance was most helpful for policy implementation. This compared with 24% who felt NIST’s 800-207 zero trust documentation was most helpful, and 23% who felt that the Department of Defense’s zero-trust reference architecture, published in February 2021, was most helpful.
Federal agencies continue to work to implement the guidance and meet the requirements set out by the May cybersecurity order.
GDIT found also that 58% of respondents felt that rebuilding or replacing existing legacy infrastructure was one of the primary challenges to implementing zero trust. According to the survey, 48% also thought that their agencies lack sufficient IT staff expertise.
Speaking at a FedScoop event last month, Department of Agriculture CISO Ja’Nelle Devore said that ensuring IT staff receive sufficient training to use the latest security tools was a key challenge facing departments as they race to comply with zero trust requirements.
“We have enough people, the issue is training,” she said. “When you have several tools that will be part of your zero trust utilization, you have to re-integrate how they work.”