
Zero Trust
Zero trust architecture dynamically secures users, devices, and resources, moving beyond static perimeter defenses.
IT environments require robust defenses to reduce risk to the cyber and physical infrastructure Americans rely on every day. Driving zero trust (ZT) progress is an important part of CISA's mission of operational collaboration and information sharing.
Adopting ZT principles addresses many of the challenges of the dynamic threat landscape. Specifically, ZT improves visibility, enabling organizations to detect and understand threats more effectively. ZT also facilitates orchestration and automation, allowing for rapid and coordinated threat response.
What Zero Trust Means for Cybersecurity
ZT principles assume the entire network is compromised. Working from that assumption, ZT provides a collection of concepts and ideas designed to minimize uncertainty by enforcing precise, least-privilege, per-request access decisions within information systems and services. The goal is to prevent unauthorized access to data and services and to make access control enforcement as granular as possible. ZT represents a shift from a location-centric approach to a data-centric, adaptive approach, with fine-grained security controls between users, systems, data, and assets that change over time.

CISA's Zero Trust Maturity Model
CISA’s Zero Trust Maturity Model is one of many roadmaps that agencies can reference as they transition towards a ZT architecture.
Building Zero Trust Capacity
Since the release of CISA's Zero Trust Maturity Model version 1.0 in September 2021, the agency has been working to accelerate adoption of ZT across the federal enterprise. CISA collaborates with government, commercial, and private sector partners—including global security leaders—to understand key ZT implementation roadblocks and to develop strategies and solutions to address these challenges.
Featured Implementation Guidance

Encrypted DNS Implementation Guidance
This guidance provides ZT implementation steps for federal agencies to meet federal requirements related to encryption of Domain Name System (DNS) traffic to enhance the cybersecurity posture of their IT networks.
Cloud Security Technical Reference Architecture
This guidance offers considerations for shared services, cloud migration, and cloud security posture management.
Federal Zero Trust Data Security Guide
This guide and its companion piece—available from the Chief Information Officers Council—provide agencies with critical direction on defining, identifying, and securing data assets.
Phishing-resistant Multifactor Authentication Success Story
This report details how USDA successfully implemented phishing-resistant authentication in situations where, in the past, only authentication methods vulnerable to phishing were feasible.
Foundational Zero Trust Resources
NIST SP 800-207 Zero Trust Architecture
This guidance contains an abstract definition of zero trust architecture (ZTA) and gives general deployment models and use cases where zero trust could improve an enterprise’s overall information technology security posture.
Department of Defense Zero Trust Strategy
This Department of Defense ZT strategy provides the necessary guidance for advancing ZT concept development to secure the DoD’s ecosystem against evolving cyber threats.
NSA Guidance: Embracing a Zero Trust Security Model
This guidance recommends leveraging ZT principles to enable system administrators to control how users, processes, and devices engage with data.