Header background

How to achieve the pillars of zero trust at federal agencies

The White House’s Executive Order on Improving the Nation’s Cybersecurityand the Office of Management and Budget (OMB) memo, Moving the U.S. Government Toward Zero Trust Cybersecurity Principles have increased federal IT and security leaders’ urgency to implement zero trust (ZT). The OMB memo states that agencies must meet specific goals based on the five pillars of the Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model: identity, devices, networks, applications/workloads, and data.

A quick refresher: what is zero trust?

Zero trust (ZT) mandates never trusting—but always verifying—any actor, system, network, or service operating outside or within the security perimeter, according to the OMB memo. Teams verify “anything and everything” that might attempt to gain access while enforcing least privilege. This means that authorization is limited to what employees need to do their jobs and nothing more. Agencies isolate systems and encrypt network traffic flowing between and within them while testing enterprise applications internally and externally.

zero trust architecture lock with abstract IT images

In protecting critical data and resources, ZT also establishes continuous multi-factor authentication, micro-segmentation, encryption, endpoint security, automation, and analytics, per the Department of Defense (DoD) Zero Trust Reference Architecture. “In a world of increasingly sophisticated threats,” the DoD states, “A ZT framework reduces the attack surface, reduces risk, and ensures that if a device, network, or user/credential is compromised, the damage is quickly contained and remediated.”

Observability fast-tracks successful ZT implementation

Nearly 75% of federal cybersecurity decision-makers say their agency is aggressively adopting ZT principles. However, 87% of survey respondents feel the mandates are pushing them to move too fast to complete this adoption successfully. Three out of four respondents agree that reaching optimum maturity per the CISA pillars will be a challenge.

This is why agency decision-makers are turning to Dynatrace. Automatic and intelligent observability fast-tracks the effective implementation of the pillar capabilities. Dynatrace observability provides deep visibility analytics into the cloud, hosts, services, processes, containers, and applications, along with automation and orchestration. It ensures the continuous monitoring and capturing of all data from logs, metrics, and end-to-end transactions.

Dynatrace provides a path and a playbook to enable the principles of ZT for agency leaders. Discover more in the latest ebook.

Dynatrace observability enables federal agencies to readily and successfully implement CISA’s five Zero Trust Maturity Model pillars. Download the free ebook to learn how: Achieving the five pillars of zero trust at federal agencies.