White House has moved to zero trust implementation phase: Chris DeRusha
The Office of Management and Budget has moved to an implementation phase for zero trust and is working with agencies to help break out costs associated with the cybersecurity approach in their budgets, according to the federal CISO.
Speaking Thursday, Chris DeRusha said the executive branch agency is focused on introducing measures that will codify long-term cultural change, such as listing costs associated with the cybersecurity approach as a specific budget line item.
“That gives the resource management side something easy to deal with,” the cybersecurity leader said, speaking at the CyberTalks conference presented by CyberScoop.
DeRusha added that obtaining further clarity on agencies’ zero-trust spend is key to ensuring long-term adoption of zero trust.
Memorandum M-22-09 was issued in January this year to provide a roadmap for the implementation of zero trust by 2024. The document included concrete requirements relating to multi-factor authentication, DNS request encryption and the segmentation of network perimeters.
At the time, the order was intended to provide an initial starting point for the cybersecurity approach, and to provoke the adoption of more comprehensive strategies at federal departments.
The order identified top cybersecurity priorities, including the consolidation of agency identity systems and treating all internal networks as untrusted. The latest plan moves agencies further towards fulfilling the requirement included in the Cybersecurity Executive Order issued last May by President Biden.
“We didn’t seek to write the pure end-state document for zero trust,” DeRusha noted.