Multiple news organizations have reported that a recently issued memo, authored by National Security Advisor Jake Sullivan, calls for swift action by multiple federal departments and agencies that have not fully adhered to essential security measures outlined in a May 2021 executive order (EO) on Improving the Nation’s Cybersecurity. The memo charges lagging agencies to present a detailed implementation plan by the end of September and ensure full compliance with the EO by the end of this year.
This directive encapsulates a growing concern over the government's perceived inadequate protection against increasing cyberattacks perpetuated by state-sponsored groups and other malicious threat actors. Two headline-driving examples in recent years are the Russian intrusion of federal networks via the SolarWinds breach and the Colonial Pipeline ransomware attack.
In my opinion, this urgency is justified as successful cyberattacks against the U.S. government continue and, while progress has been made, it is clearly not fast enough. For instance, in July it was reported that an alleged Chinese hacking campaign compromised high-profile email accounts, including the U.S. ambassador to China and the Secretary of Commerce.
The federal march to Zero Trust
The far-ranging 2021 EO addresses everything from information sharing to supply chain security and extends beyond agencies to federal contractors, requiring them to shore up cybersecurity measures to continue government collaborations. In Section 3: Modernizing the Federal Government Cybersecurity, the EO also calls for implementation of Zero Trust architecture aligned to guidance from the National Institute of Standards and Technology (NIST) SP 800-207.
We are proud of the fact that many Appgate team members are involved in helping shape Zero Trust security best practices at the federal level in several key areas. Since July 2021, we have participated in the Implementing a Zero Trust Architecture Project with the National Cybersecurity Center of Excellence (NCCoE) at NIST in collaboration with other key industry partners. The project is focused on developing practical, interoperable approaches to designing and building Zero Trust architectures that align with the tenets and principles documented in NIST 800-207.
In addition, the Cybersecurity and Infrastructure Security Agency (CISA) is a key player in helping agencies in their journey to Zero Trust security. In June 2021, CISA opened up its draft Zero Trust Maturity Model for public comment and Appgate participated in this effort. Just this past April, CISA published Version 2.0 of the Zero Trust Maturity Model, which reflects Appgate’s perspective.
As new federal compliance deadlines loom, the message is clear: the ever-evolving cybersecurity battlefield requires constant vigilance and proactive action. For more on how Appgate Federal Division is leading the way by helping agencies deploy Appgate SDP, the first and only Common Criteria Certified ZTNA solution, please visit www.appgate.com/federal-division.
Additional Zero Trust access resources
News: Appgate Awarded Cybersecurity BPA by DoD Enterprise Software Initiative
Webinar: Accelerating Your Public Sector Zero Trust Journey with Carahsoft
Datasheet: Supporting the DoD Zero Trust Strategy
Guide: What’s the Difference Between Cloud-routed and Direct-routed ZTNA?