Federal Zero Trust

On the Federal side - here are a handful of public attestations you can cite. Most recent and most notably the OMB memorandum is effectively a kill order on yesterday's networks and common MFA (VPNs, WAN, SD_WAN, TOTP, Phone base MFA).

  • Directs Federal Agencies to retire VPNs, non-encrypted DNS, and common MFA techniques (TOTP, Phone number based).
  • "The Federal Government can no longer depend on conventional perimeter based (network) defenses."
  • "Users should log into applications, rather than networks".

    • Resources

    May 12th, 2021

    Executive Order on Improving the Nation’s Cybersecurity

    Jan 26th, 2022

    OMB M-09-22 - Moving the U.S. Government Toward Zero Trust Cybersecurity Principles

    Feb 2021 and Sep 2021

    Randy Resnick, NSA Zero-trust Mindset

    MEMO-PDF
    VIDEO-YOUTUBE