Quick Read

Federal Zero Trust Strategy

June 21, 2022

What is Zero Trust?

Zero Trust is a network paradigm built on the idea that trust does not exist within the scope of cyber operations – be it between a network and its users, a network and its architectural components, or a user base and its organization.

This architectural design allows for more coverage and flexibility, especially for a global network that contains all kinds of elements, from tactical edge IoT devices up to large cloud-based applications, all working somewhat together. Zero Trust allows these disparate elements to share a common authentication process, providing security without compromising flexibility.

Again, architecturally, a Zero Trust network requires no formal perimeter. Thus, all data needs to be protected as though it is already exposed and vulnerable. To protect the elements of this architecture, every point within the network will constantly require some form of authentication to access the data behind it.

Federal Zero Trust architecture strategy

In January 2022, the Executive Office of the President: Office of Management and Budget released a memorandum for executive departments and agencies. This memo is aligned with the executive order detailing the U.S. government’s shift to a Zero Trust enterprise.

In the current threat environment, agencies and the whole of federal government can no longer depend on traditional perimeter-based defenses to protect critical systems and data. As President Biden stated in EO 14028, “Incremental improvements will not give us the security we need; instead, the Federal Government needs to make bold changes and significant investments to defend the vital institutions that underpin the American way of life.”

Authentication: the key pillar in Zero Trust

This strategy places significant emphasis on stronger enterprise identity and access controls, including multi-factor authentication (MFA). Without secure, enterprise-managed identity systems, adversaries can steal user accounts and gain a foothold in an agency to steal data or launch attacks. This strategy sets a new baseline for access controls across the government that prioritizes defense against sophisticated phishing, and directs agencies to consolidate identity systems so that protections and monitoring can be consistently applied. From documents such as the NIST SP 800-207 outlining a Zero Trust architecture, we know:

  • Authentication must be multi-factored in nature
  • Authentication must support enforcement of different MFA policies for different network resources (e.g., more stringent authentication for more sensitive resources and vice versa)
  • Authentication must be triggered upon the network’s receipt of a user’s request to access a resource

From this we can clearly glean that authentication is the key to actualizing Zero Trust. Furthermore, authentication is required for not only the user but for the device as well. The reference Zero Trust architecture put forward by DISA supports separating the user and device into two of the main pillars of Zero Trust Architectures.

How the ZKX Engine enforces this strategy

The ZKX engine delivers MFA in a way that is more suitable for today’s cyber operations, designed with security and usability built in as core considerations, not as afterthoughts. The ZKX engine is driven at its core by zero-knowledge proofs (ZKPs) which, when combined with other features unique to the ZKX MFA engine, enables users to authenticate themselves and their device simultaneously without ever risking sensitive authenticating data (credentials, tokens, cookies, etc.) for exposure.

ZKX protects the network from catastrophic damage from malicious actors while ensuring the security of end devices and, ultimately, users both within the larger enterprise and at the edge. The information used to verify a user’s identity claims are stored on the network via public key data, minimizing a database’s value as a target for an attacker. The ZKX MFA engine integrates seamlessly with key architectural components of the recipient’s choosing, enabling any compute platform to participate in the ZKX paradigm and effectively bridging the enterprise and the edges with Zero Trust MFA.

Moving the U.S. Government and Military towards a Zero Trust architecture

ZKX Solutions has a number of resources available on our site that can help guide government agencies and the U.S. military towards a Zero Trust architecture.