Adopting Zero Trust to Align with Cybersecurity Executive Order

Building greater confidence in your organization’s security posture.

Recent cybersecurity breaches are evidence of the need for contextual authentication and authorization to protect mission-critical technology components. Zero Trust Architecture (ZTA) meets this need by unifying security tools from multiple security domains to create an active security posture within a network’s perimeter.

The integration of strong identity and access management (IAM) principles is the underlying foundation that must be present for a well-built ZTA. Agencies are in different stages of migrating to ZTA—from researching to preparing their systems to remove the traditional perimeter. However, agencies have found difficulty with procurement and deployment of the right tools due to a variety of issues, including lack of funding, reliance on legacy systems, or even inability to properly staff migration projects. These setbacks are slowing the necessary preparation for emerging cyber threats and accruing technical debt in the process.

On May 12, 2021, the Biden administration released a new Executive Order on Improving the Nation’s Cybersecurity to address some of these common problems with ZTA adoption. The executive order (EO) mandates timeframes to meet the following core objectives:

  1. Prevent and mitigate increasingly sophisticated attacks by adopting cloud technologies, strengthening asset management practices, and aligning policy enforcement with ZTA.
  2. Increase information sharing between agencies and transparency into cyber incidents by standardizing reporting and communication methods at all federal agencies.
  3. Create standards for logging techniques, communicating incidents, and remediation techniques between information/operational technology providers and the federal government.

The objectives in the EO build upon an Office of Management and Budget Memorandum M-19-17 for Enabling Mission Delivery through Improved Identity, Credential, and Access Management, issued two years ago. This memo encouraged agencies to establish internal governance around identity and tasked specific agencies with identity policy and standards development to aid in consistency across government.

Meeting these objectives in the given timeframes while planning for and adopting ZTA, minimizing technical rework, and eliminating legacy system-related obstacles is attainable with the right partner.

Guidehouse partners with our clients to develop cost-effective and timesaving strategies to align systems with ZTA using IAM principles.

Guidehouse has a robust cybersecurity practice with a dedicated IAM offering:

  • Using Privileged Access Management to add multiple layers of authentication to resources in legacy systems that cannot be integrated with modern Multifactor Authentication (MFA) methods, and to protect development environments.
  • Dynamic and transparent policy enforcement supported by machine learning capabilities in Identity Governance Administration tools to enable streamlined access provisioning/de-provisioning and improved audit reports.
  • IAM integration with directory services to enforce MFA based on unique attributes of users, devices, and resources, and reduce password dependency.
  • Configuring Security Information Event Management for increased network visibility, creating customized alerts and comprehensive dashboards for information sharing.
  • Utilizing identity-centered Credential Management Systems for governing access to sensitive systems, resources, and workflows founded on strong encryption technology with digital certificates

Guidehouse has a robust cybersecurity practice with a dedicated offering to IAM.  Let us help you build greater confidence in your organization’s security posture.

Contact Us

About the Experts

Back to top