NOTE: This article was originally shared from FedScoop. Reprinting portions here with additional information.
While this article is still specific to federal agencies, I believe that many/most miss the fact that this will cascade to companies providing a service to government agencies (federal and local), and then to consumer software. I do not think that product teams have this in their 2022-2024 roadmaps.
There is nothing groundbreaking/new in any of these new documents; most of the referenced best practices have been published for more than a decade. This is an escalation and acknowledgment that there is not a full understanding of how to implement the standards and/or the staff to get it done. (Given the disconnect in survey responses and actual assessment results, most businesses do not realize how far off they are.)
If you do not read the article, a few specific call-outs:
Included in the new document are a number of concrete deadlines by which senior technology leaders must ensure certain security measures are enacted.
Within 60 days of the memorandum being issued, agencies must incorporate the additional requirements identified in the document and submit an implementation plan for fiscal 2022-2024 to OMB and CISA for review.
And...
According to the new guidance, agencies must also create reliable asset inventories through participation in CISA’s Continuous Diagnostics and Mitigation program. They must ensure also that endpoint detection and response tools meet CISA’s technical requirements and are deployed widely.
White House publishes final zero trust strategy for federal agencies - FedScoop
M-22-09 Federal Zero Trust Strategy (Local PDF)
Republished from FedScoop, ©2022. All rights reserved. Portions reprinted with additional information and context provided inline.