Exploring the EO’s Zero Trust Requirement
Posted by: Jean-Paul Bergeaux
The Biden EO mandates that agencies submit a plan to implement Zero Trust within 60 days. While this is probably the most impactful and beneficial part of the Executive Order, it will also be the hardest mandate to address. Unfortunately, it will also be the hardest mandate to enforce, and the hardest on which to grade each agency's execution. Zero Trust design and architecture are not as cut and dried as compliance and auditing. Zero Trust is a philosophy of how to approach security, not a codified solution or product.
In its section on Zero Trust, the EO specifically mentions NIST, which points to the 800-207 publication from fall of 2020. The EO does not call for any further information to be provided to agencies, so each agency is left to read the NIST publications and provide a plan to address the seven tenets and the steps that document outlines for implementing them.
Agencies may have to reach out to NIST directly or consult with third parties to get help in putting together a plan that must be submitted to the OMB. Unfortunately, there is a lot of noise around Zero Trust within the cybersecurity industry that supports Federal Agencies. The problem is that, by definition, every cybersecurity solution is relevant to the overall Zero Trust architecture in some way, but many are portrayed as more relevant than the rest, or as a silver bullet for Zero Trust. Let me be really clear here… there are none. Period.
This is actually where GuidePoint Security can provide the most value to an agency. Because we know the entire cybersecurity landscape and are already focused on building architectures that work, Zero Trust is just a natural maturation of what we’ve been providing to customers over the last decade. Now the architecture just has a name. GuidePoint Security has the unique knowledge and cleared expertise to build a roadmap to an active defense Zero Trust architecture.
Jean-Paul Bergeaux
Chief Technology Officer - Federal,
GuidePoint Security
With more than 18 years of experience in the federal technology industry, Jean-Paul is currently the Federal CTO for GuidePoint Security. JP’s career has been marked by success in technical leadership roles with ADIC (now Quantum), NetApp, Commvault and SwishData.
Jean-Paul focuses on identifying customers’ challenges and architecting innovative solutions to solve their complex problems. He is also a thought leader on topics that are top of mind for federal IT managers, such as cybersecurity, VDI, big data, and backup and recovery.