White House tells agencies to sign up to Zero Trust security plans

US government wants its agencies to tighten up on cybersecurity

When you purchase through links on our site, we may earn an affiliate commission.Here’s how it works.

The White House has told government agencies to get signed up tozero-trustsecurity practices in a bid to boost its online protection/

Amemofrom the Office of Management and Budget (OBM), the White House’s budget managementarm, advises all the heads of executive departments and agencies to move towards zero-trust, a cybersecurity model in which devices, apps, and individuals are “never trusted, and always verified”, and access to different resources is only given for the task at hand, with everything authenticated on a case-by-case basis.

Moving towards zero-trust, the memorandum further explains, will mean listing the complete inventory of devices, implementing stronger identity and access controls, and going for more multi-factor authentication. The devices would need to be monitored as per the specifications set by the Cybersecurity and Infrastructure Security Agency (CISA). Simply runningantivirusand afirewallwon’t suffice, it seems.

Motivated by log4j

“In the face of increasingly sophisticated cyber threats, the Administration is taking decisive action to bolster the Federal Government’s cyber defenses,” said acting OMB director Shalanda Young.

“This zero-trust strategy is about ensuring the Federal Government leads by example, and it marks another key milestone in our efforts to repel attacks from those who would do the United States harm.”

One of the reasons that prompted the White House to publish this memo seems to be the recently discovered log4j flaw. The zero-day, which was first discovered late last year, affected countless online services, and was described as one of the most dangerous flaws ever discovered, due to its destructive potential, and the ease with which it can be exploited.

Apache has since issued multiple patches in an attempt to plug the hole.

Are you a pro? Subscribe to our newsletter

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

White House calls summit on open source security following Log4j attacks

Most companies are failing to implement their zero trust strategies effectively

Zero Trust: a priority from the boardroom down

“As our adversaries continue to pursue innovative ways to breach our infrastructure, we must continue to fundamentally transform our approach to federal cybersecurity,” added CISA director Jen Easterly.

“Zero trust is a key element of this effort to modernize and strengthen our defenses. CISA will continue to provide technical support and operational expertise to agencies as we strive to achieve a shared baseline of maturity.”

Via:The Verge

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Phishing attacks surge in 2024 as cybercriminals adopt AI tools and multi-channel tactics

This new phishing strategy utilizes GitHub comments to distribute malware

Smeg Combi Steam Oven review: a multi-functional countertop oven that looks stunning and cooks well