The National Geospatial-Intelligence Agency (NGA) and the Department of Homeland Security Science and Technology Directorate (DHS S&T) are taking unique approaches to implementing zero trust capabilities as part of their cybersecurity strategies. Zero trust is an approach to security that relies on the principle of verifying all users, devices, and data before granting access to a network or system. The NGA is working on applying zero trust across over 1,300 systems and applications, requiring a different approach to meet the goals of the intelligence community and the Defense Department. The DHS S&T is focusing on developing standards to assess the integrity of zero trust implementations and to improve fundamental technologies beyond what commercial solutions offer. Both agencies are committed to enhancing cybersecurity and protecting sensitive data.
The NGA has identified seven minimal viable products (MVPs) to address zero trust pillars and has broken these down into 91 different zero trust activities and 170 enterprise requirements. The agency is also working on getting all parts of the organization on board with the zero trust approach. The Energy Department, on the other hand, is focusing on a workforce-first approach and is requiring a minimum level of training for all employees on zero trust. The department is investing in people and training as one of its most important zero trust initiatives. The Consumer Financial Protection Bureau is also emphasizing the application pillar of zero trust and is building its own software to ensure cybersecurity throughout the development process.