Zero Trust for Federal Government: A Guide to Achieving Improved Cyber Security

Zero trust has gained rapid acceptance during the coronavirus pandemic because it is built on the principle of “never trust, always verify.” This concept of least privilege access became crucial amid widely distributed workforces resulting in remote connectivity where individuals logged into agency and corporate networks from all manner of devices and public Internet connections.

Zero trust doesn’t occur overnight. The path to maturity includes the implementation and integration of multiple technologies and capabilities. To simplify the journey, Mandiant recommends starting with these four actions:

• Verify the identity
• Verify the device
• Limit access and privilege
• Learn and adapt

All these actions can be addressed with a zero trust architecture (ZTA). As defined by the Executive Order, ZTA is a security model—a set of system design principles and a coordinated cyber security and system management strategy—and not just a single product or service offering.