Veterans Cybersecurity Group Introduces a “Zero Trust Proving Ground” as an essential step in Zero Trust Testing for Federal Agencies
- President Biden’s Executive Order 14028 mandates federal agencies to implement a zero-trust architecture by the end of FY 2024.
- Veterans Cybersecurity Group (VCSG) aims to establish a Zero Trust Proving Ground (ZTPG) to test and evaluate zero-trust network architectures (ZTA) implementations.
- The ZTPG will be hosted on an established Cyber Range and will contribute to the development of a standardized ZTA testing framework.
- VCSG is seeking stakeholders including federal agencies, cybersecurity vendors, standards bodies, and cybersecurity non-profits to participate in the project.
The Veterans Cybersecurity Group (VCSG) has introduced a “Zero Trust Proving Ground” (ZTPG) as an essential step in Zero Trust Testing for Federal Agencies. The introduction of the ZTPG comes in response to President Biden’s Executive Order 14028, which mandates that federal agencies develop plans to implement a zero-trust architecture (ZTA) by the end of FY 2024.
Currently, the lack of zero-trust standards and an established testing methodology is a major obstacle in achieving these goals. While organizations such as NIST and CISA have defined principles, there are no standardized zero-trust standards to test and validate complex ZTA solutions. The IEEE Zero Trust Working Group (ZTWG) has been tasked with developing a Zero Trust ISO Standard, but this is a yearslong process. In the meantime, VCSG aims to establish testing criteria immediately through an iterative SecDevOps approach.
The ZTPG will assist federal agencies in meeting their zero-trust goals by contributing to an auditable testing standard for ZTA solutions. It will be hosted on an established Cyber Range utilized by government agencies as a virtual cybersecurity training and testing environment. This will allow multiple “communities of interest” to implement cyber-attack and exploitation scenarios.
VCSG aims to bring together government and industry to establish a rigorous testing standard for ZTA solutions. The ZTPG will conduct extensive vulnerability analysis and penetration testing to inform the development of a standardized ZTA testing framework. This framework will empower federal agencies to evaluate and integrate third-party ZTA solutions into their cybersecurity architectures.
VCSG is seeking stakeholders to participate in the project. This includes federal agencies seeking information to develop future Requests for Proposals (RFPs), cybersecurity vendors seeking to have their ZTA products and services demonstrated and tested, standards bodies such as the IEEE ZTWG, and cybersecurity non-profits with the mission to provide training and awareness for Zero Trust best practices.
Interested stakeholders are encouraged to contact VCSG President Paul Gozaloff for more information.