What you need to know
- Microsoft is working with the National Institute of Standards and Technology to help design and implement Zero Trust architecture.
- Zero Trust assumes that an organization has been breached and focuses on verification to improve security.
- President Biden issued an Executive Order in May 2021 that requires federal agencies to invest in cybersecurity.
On May 12, 2021, President Joe Biden issued Executive Order (EO) 14028. The EO requires federal agencies to make "significant investments" in cybersecurity. Microsoft and 17 other companies will work with the National Institute of Standards and Technology (NIST) to help design Zero Trust policies.
EO 14028 states that the "private sector must adapt to the continuously changing threat environment, ensure its products are built and operate securely, and partner with the Federal Government to foster a more secure cyberspace."
Specifically, the EO requires federal agencies to develop and plan to adopt Zero Trust Architecture. Zero Trust is a different model of security that assumes a system has already been breached. It relies on verification rather than just focusing on strengthening systems against attacks.
Microsoft explains how it is working with NIST's National Cybersecurity Center of Excellence (NCCoE) on implementing a Zero Trust Architecture Project. The company states that in many agencies, the required technology is in place, but that it needs to be activated and fine-tuned.
Microsoft has identified five of the most impactful scenarios that agencies should build toward to meet the directives in EO 14028:
- Cloud-ready authentication apps
- Web apps with legacy authentication
- Remote server administration
- Segment cloud administration
- Network micro-segmentation
Kevin Stine, chief of the Applied Cybersecurity Division in the National Institute of Standards and Technology's Information Technology Laboratory (ITL), shared how companies such as Microsoft will play a role in implementing Zero Trust architecture:
"The telework tidal wave and increasing cybersecurity breaches and ransomware attacks have made implementing a Zero Trust architecture a federal mandate and a business imperative. We look forward to working with our project collaborators, such as Microsoft, to deliver timely, informed technical 'how-to' guidance and example implementations of Zero Trust architectures to assist federal agencies and other industry sectors with their Zero Trust journeys."
The NCCoE aims to have multiple examples of Zero Trust architecture built and shared. These can then be used as guides for implementing security technology in the real world.