Page 35 - FCW, June/July 2021
Leveraging TMF for the secure modernization of high-value assets
The idea:
Prioritizing TMF dollars for systems that support high-impact programs can drive major improvements in how IT facilitates key government missions.
On May 12, President Joe Biden issued a comprehensive executive order that gave direction to federal departments and agencies for strengthening the government’s cybersecurity posture. The order establishes a requirement to modernize systems and implement stronger cybersecurity standards by moving agencies and their contract partners to secure cloud services and a zero trust architecture and by mandating deployment of multifactor authentication and encryption.
A zero trust architecture assumes that no user, device or application attempting interaction with a technology environment can be trusted by default. The approach uses elements of identity management, including least-privilege access, continuous authentication and micro-segmentation of the network to limit lateral movement once inside the environment. Zero trust architecture is designed to reduce the risk of breaches and the damage resulting from inappropriate access.
Additionally, the executive order addresses the security of software supply chains by establishing a public/private process to develop new and innovative approaches to secure software development and uses the power of federal procurement to incentivize the market.
Agencies have the opportunity to leverage TMF to modernize high-value assets (HVAs) while improving cybersecurity in a manner consistent with the executive order’s direction.
The Cybersecurity and Infrastructure Security Agency defines an HVA as “information or an information system that is so critical to an organization that the loss or corruption of this information or loss of access to the system would have serious impact to the organization’s ability to perform its mission or conduct business.” This definition was further clarified and expanded with the issuance of OMB M-19-03, “Strengthening the Cybersecurity of Federal Agencies by Enhancing the High-Value Asset Program.”
Agencies have long been responsible for identifying and protecting their most critical assets as part of their continuity-of-operations planning programs. If missions are threatened by natural disasters, terrorist activities or cyberattacks, agencies must be able to quickly reconstitute operations and restore those critical assets to their normal function in priority order. Also, with the launch of the initiative to secure HVAs in 2015, CISA received the authority to assist federal agencies in further identifying HVAs most vulnerable to cyberattacks and to set remediation requirements.
These two foundational programs provide data to assist agencies in sequencing systems for modernization in priority order based on criticality to the mission and identified cyber vulnerabilities. Agencies that have done the critical thinking and planning necessary to take an enterprise portfolio view of their technical assets — and have developed a modernization roadmap tied to the strategic plan and prioritized according to HVA status — can best leverage the expanded funding options afforded to them by TMF and other funding