More than 90 Percent of Federal Cybersecurity Decision Makers Have Increased Confidence in Implementing Zero Trust following Government Mandates

Zero Trust Report from Merlin Cyber and MeriTalk Provides Insight into Federal Agencies' Momentum, Priorities, Challenges; Offers Recommendations for Implementation Success

TYSONS CORNER, Va. – January 25, 2022 – Merlin Cyber, a premier public sector platform of cybersecurity solutions, technical expertise and growth acceleration, and MeriTalk, a public-private partnership focused on improving the outcomes of government IT, today unveiled the results of a new zero trust report, “Zeroing In: 2022 State of Federal Zero Trust Maturity.” The report is based on a survey of more than 150 federal cybersecurity decision makers and explores the priorities, goals and anticipated challenges around the federal government’s zero trust implementations. According to the report, more than 70 percent of federal agencies are aggressively adopting zero trust principles, while another 26 percent are adopting where they feel it makes sense.

Recent high-profile cybersecurity incidents have fueled the urgency to secure federal networks and systems against adversaries. The 2021 Executive Order on Improving the Nation’s Cybersecurity, Office of Management and Budget’s (OMB) Federal Strategy for a Zero Trust Architecture, and the Cybersecurity and Infrastructure Security Agency’s (CISA)Zero Trust Maturity Model have outlined the application of zero trust principles for agencies.

The report analyzes decision makers’ concerns around the feasibility of the federal government’s zero trust goals. In particular, while 92 percent say these recent federal initiatives have increased their confidence in the implementation of zero trust, 87 percent feel that the Executive Order and OMB Zero Trust Architecture pushes agencies to move too fast for effective implementation. Numerous challenges were identified for all agencies, including:

  • Centralizing previously siloed cybersecurity tools/deployments
  • Integrating new solutions with legacy systems that rely on implicit trust
  • Staffing/training; and
  • Selecting the right vendor

Further, the report also looks into the importance and prioritization of the five pillars as outlined in OMB’s Federal Zero Trust Strategy.

  • DoD priorities: Identity (75%), Data (63%), Applications (63%), Networks (57%), Devices (45%)
  • Civilian priorities: Data (68%), Identity (67%), Networks (49%), Applications (44%), Devices (44%).

“As agencies take steps to comply with the Executive Order, OMB Zero Trust Architecture and CISA Zero Trust Maturity Model, it is critical that the private sector understands the areas of confidence and concern among federal cybersecurity decision makers,” said Miguel Sian, Senior VP of Technology at Merlin Cyber. “Public-private collaboration will be essential as agencies move from zero trust confidence to competence over the next three years.”

Zero Trust Goals identified include:

  • DoD: Supporting intelligent automation of security actions (49%), moving reliance to encryption and application testing instead of perimeter security (42%), and enabling safe and robust use of cloud services (38%)
  • Civilian: Enabling safe and robust use of cloud services (52%), bolstering strong identity practices across Federal agencies (39%), and recognizing every device and resource the government has (37%)

To view the full report, visit

About Merlin Cyber

Merlin Cyber is a powerful ecosystem of cybersecurity innovation, technical expertise, and growth acceleration with 25 years of experience working with the U.S. Public Sector. Through Merlin Cyber, federal civilian, defense, and state and local agencies access innovative cybersecurity solutions that have been strategically curated to ensure they effectively meet their requirements and mission priorities. This enables the U.S. Public Sector to successfully keep ahead of today’s critical threats, accelerate modernization initiatives, and defend our nation. Learn more at

About MeriTalk

The voice of tomorrow’s government today, MeriTalk is a public-private partnership focused on improving the outcomes of government IT. Our award-winning editorial team and world-class events and research staff produces unmatched news, analysis, and insight. The goal: more efficient, responsive, and citizen-centric government. MeriTalk connects with an audience of 160,000 Federal community contacts. For more information, visit or follow us on Twitter, @MeriTalk. MeriTalk is a 300Brand organization.

How PAM Can Protect Feds From Third Party/Service Account Cyber Attacks

How PAM Can Protect Feds From Third Party/Service Account Cyber Attacks

Share This