How Federal Agencies Can Modernize Identity in Compliance with Zero Trust
The Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA) have solicited public comment on a Federal Zero Trust strategy and maturity model in support of the President’s Cyber Executive Order (EO). Central to the Zero Trust strategy is a call for continuous, risk-based authentication and user and entity behavior analytics (UEBA). Why? Identity-based attacks continue to use compromised user credentials to access critical, sensitive resources. Brute-force attacks and the exploitation of vulnerabilities for credential access allow an adversary to gain a foothold in the network, move laterally and access high-value targets within federal agencies. This includes assets that couldn’t be protected with multifactor authentication before, such as legacy and homegrown applications, command line access tools, industrial and healthcare systems, file shares, databases and more.