CISA’s Dedicated Office to Drive Zero Trust Adoption in Federal Agencies

The Cybersecurity and Infrastructure Security Agency (CISA) is establishing a specialized office aimed at assisting federal agencies in implementing zero-trust security principles, according to media reports.

The newly established office will provide enhanced training on zero trust principles to federal agencies, alongside endeavors to improve the identification of requisite skills and knowledge essential for successful implementation of the architecture.

To enable this, CISA is closely working with various organizations and intends to release playbooks for agencies interested in knowing more about zero trust principles.

Moreover, the new office will also be tasked with evaluating the zero trust maturity of federal agencies.

The creation of CISA's dedicated zero trust office advances the principles outlined in the National Institute of Standards and Technology's "Zero Trust Architecture" publication, as well as the strategies delineated in the U.S. Office of Management and Budget (OMB)'s zero trust strategy and a cybersecurity-focused executive order issued in 2021.

Earlier this month, CISA along with the National Security Agency (NSA), and Federal Bureau of Investigation (FBI) warned federal agencies about a possible cyber attack by the Chinese state-sponsored cyber group Volt Typhoon.

The cybersecurity watchdog warned that cyber actors sponsored by states are attempting to establish an early presence on IT networks, potentially for disruptive or destructive cyberattacks against critical infrastructure in the U.S. during significant crises or conflicts with the nation.

The Chinese cyber group has compromised the IT environments of multiple critical infrastructure organizations — primarily in Communications, Energy, Transportation Systems, and Water and Wastewater Systems Sectors in the U.S. as well as in territories such as Guam, according to the advisory issued by CISA.