Secret Service needs to make key improvements to zero trust effort says watchdog

GAO says the agency should adopt IPv6 for its public-facing systems and update its zero-trust architecture implementation plans.
Members of the Secret Service arrive to board Air Force One to escort US President Donald Trump at Andrews Air Force Base May 4, 2017 in Maryland. Image credit: BRENDAN SMIALOWSKI/AFP via Getty Images.

The Government Accountability Office (GAO) earlier this month made two key recommendations to improve the zero trust cybersecurity architecture of the Secret Service.

As cyber threats increase, the Secret Service is being pushed by the watchdog to adopt a more advanced internet protocol for its public-facing systems and to update its zero-trust architecture implementation plans. DHS leadership concurred with the GAO cybersecurity recommendations.

The Secret Service relies heavily on secure IT systems to support its protection and complex investigations mission.

In recent years, the law enforcement agency has developed a zero trust implementation plan with key adoption milestones, but according to GAO these do not currently meet long-standing Office of Management and Budget (OMB) requirements for public-facing systems and industry best practices.


“Adopting zero trust architectures will require vigilance in revamping existing IT environments to defend against ever-increasing threats,” the GAO report said. “Although Secret Service has made progress, it has not yet addressed longstanding OMB requirements on implementing IPv6 for public-facing systems. By transitioning to this protocol, the agency can leverage additional security features.”

A zero-trust security architecture is one in which users on a network are not trusted by default and instead required to provide credentials and earn authorization, typically with continuous validation. The Cybersecurity and Infrastructure Security Agency (CISA) has focused on implementing zero trust in federal agencies like the Secret Service through five key principles of identity, device, network, applications and workloads, and data.

Nearly half of federal IT executives in a recent survey said their agencies are moving away from traditional network perimeter defense tactics and taking steps to adopt identity-centered, or zero-trust, security strategies to protect their digital resources.

Nihal Krishan

Written by Nihal Krishan

Nihal Krishan is a technology reporter for FedScoop. He came to the publication from The Washington Examiner where he was a Big Tech Reporter, and previously covered the tech industry at Mother Jones and Global Competition Review. In addition to tech policy, he has also covered national politics with a focus on the economy and campaign finance. His work has been published in the Boston Globe, USA TODAY, HuffPost, and the Arizona Republic, and he has appeared on NPR, SiriusXM, and PBS Arizona. Krishan is a graduate of Arizona State University’s Walter Cronkite School for Journalism. He grew up in South Korea, Saudi Arabia, India, and Singapore before moving to the United States to study politics and journalism. You can reach him at

Latest Podcasts