“Amid a swarm of industry offerings that employ the cybersecurity buzzword, Federal Chief Information Security Officer Chris DeRusha described the essential components of what he considers zero trust.
“I really believe it’s rooted in three core principles: verifying every user, validating every device, and then within that, limiting access intelligently,” he said. “This is obviously a shift away from the prior trust model that assumed if a user is behind a firewall, then you know they can be trusted. Obviously, this isn’t bearing out anymore.”
DeRusha headlined the Billington Cybersecurity Defense Summit Thursday where current and former federal officials stressed that the term “zero trust” refers to a plan of action or policy, not something any one product can claim they provide and advocated smart budgeting…”
“‘Government’s been working towards this framework of zero trust for a while,’ DeRusha said. ‘In earnest, in the past few years, agencies are building out really strong foundations around identity and credential access management. We’re also moving closer and closer to doing continuous monitoring [and] dynamic management.’…”
“One individual who may perform a key role advising the administration on cybersecurity spending in consultation with Congress is Chris Inglis, President Joe Biden’s nominee to be the first national cyber director. Speaking at the conference, Inglis mentioned a joint collaborative environment proposed by the Cyberspace Solarium Commission in identifying his most immediate priority, saying it would act as a foundation for disparate entities, including those in the private sector, to work together…”
Source: How the Federal CISO Views Zero Trust – By Mariam Baksh, April 22, 2021. Nextgov.