Maturing Enterprise Mobility Towards Zero Trust Architectures


By: Eric Goldstein, Executive Assistant Director for Cybersecurity

As our adversaries continue to evolve their efforts to compromise networks across all sectors of the economy, the Biden Administration is driving urgent efforts toward a new cybersecurity paradigm. President  Biden’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028) focuses on advancing security measures for the federal government that dramatically reduce the risk of successful cyberattacks. In particular, EO 14028 requires federal civilian agencies to establish plans to drive adoption of Zero Trust Architecture.

The Office of Management and Budget (OMB) issued a zero trust (ZT) strategy document in response to the Cybersecurity EO that requires Federal agencies to achieve certain specific ZT goals by the end of Fiscal Year 2024. Mobile devices present unique opportunities and challenges in adopting comprehensive zero trust models. We understand that mobile devices are an integral resource to conducting official business.

To support federal agencies and other organizations on their journey toward zero trust, CISA has published Applying Zero Trust Principles to Enterprise Mobility. This new publication highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their technological evolution and ubiquitous use. The paper further presents architectural frameworks, principles, and capabilities to attain a ZT level set by the adopting organization. It then maps mobile security approaches into ZT principles that an organization can use to align its current mobile security capabilities with a ZT approach.

It is important to note that the mobility ZT paper is not a technical manual or implementation guide for either zero trust or enterprise mobility. Instead, it will guide federal civilian agencies and other organizations through the process of developing and implementing their specific cybersecurity capabilities for enterprise mobility toward adoption of their ZT goals.

We are also requesting public comment to ensure our guidance enables the best visibility, flexibility, and security. Our intent is to inform federal agencies how ZT principles can be applied to currently-available mobile security technologies that are already adopted in many cases as part of enterprise mobility security programs.

The deadline for providing comment on the CISA zero trust mobility paper is April 20, 2022 and they should be submitted to: CyberLiaison@CISA.dhs.gov. We look forward to receiving and reviewing your comments on this important effort to improve federal enterprise mobility cybersecurity.


###