Microsoft helping U.S. government with Zero Trust architecture
To help federal agencies follow an executive order, Microsoft is designing examples of Zero Trust architecture.
What you need to know
- Microsoft is working with the National Institute of Standards and Technology to help design and implement Zero Trust architecture.
- Zero Trust assumes that an organization has been breached and focuses on verification to improve security.
- President Biden issued an Executive Order in May 2021 that requires federal agencies to invest in cybersecurity.
On May 12, 2021, President Joe Biden issued Executive Order (EO) 14028. The EO requires federal agencies to make "significant investments" in cybersecurity. Microsoft and 17 other companies will work with the National Institute of Standards and Technology (NIST) to help design Zero Trust policies.
EO 14028 states that the "private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace."
Specifically, the EO requires federal agencies to develop and plan to adopt Zero Trust Architecture. Zero Trust is a different model of security that assumes a system has already been breached. It relies on verification rather than just focusing on strengthening systems against attacks.
Microsoft explains how it is working with NIST's National Cybersecurity Center of Excellence (NCCoE) on implementing a Zero Trust Architecture Project. The company states that in many agencies, the required technology is in place, but that it needs to be activated and fine-tuned.
Microsoft has identified five of the most impactful scenarios that agencies should build toward to meet the directives in EO 14028:
- Cloud-ready authentication apps
- Web apps with legacy authentication
- Remote server administration
- Segment cloud administration
- Network micro-segmentation
Kevin Stine, chief of the Applied Cybersecurity Division in the National Institute of Standards and Technology's Information Technology Laboratory (ITL), shared how companies such as Microsoft will play a role in implementing Zero Trust architecture:
The NCCoE aims to have multiple examples of Zero Trust architecture built and shared. These can then be used as guides for implementing security technology in the real world.
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Sean Endicott brings nearly a decade of experience covering Microsoft and Windows news to Windows Central. He joined our team in 2017 as an app reviewer and now heads up our day-to-day news coverage. If you have a news tip or an app to review, hit him up at firstname.lastname@example.org.