“Gerald Caron, CIO and assistant inspector general for information technology at the Department of Health and Human Services (HHS) Office of the Inspector General (OIG), said today he wants Federal agencies to move away from looking at zero trust as a checklist and instead focus on its practical effectiveness to prevent cyberattacks.”
“At the ServiceNow Federal Forum 2022, Caron said he feels the Federal government has a history of being ‘very compliance-focused’ and needs to shift to a mindset of effectiveness when it comes to implementing zero trust, as directed by President Biden’s cybersecurity executive order (EO) issued in May 2021.”
“‘There’s a big difference between effectiveness and compliance,’ Caron said at the event. ‘And I think that’s kind of what the executive order is pushing us towards. I mean, the way it’s titled kind of says it right, is we got to be more effective.’”
“Going forward, Caron said agencies should be concerned with measuring the effectiveness of zero trust. The first step in doing that, according to Caron, is to focus on the agency’s data.”
“‘First is understanding what the data is, and one of the things that we’re going to be doing is going to identify a data source. We’re going to understand the baseline of where that data is going,’ Caron said. ‘Where’s that data flowing? I got to know what normal looks like before I can say, ‘Is that normal?’ So, really got to understand that baseline…’”
“Caron said he recommends agencies, as well as vendors, get started by taking inventory of their tech to understand where the gaps are…”
Source: HHS OIG CIO Urges Feds to Focus on Effectiveness of Zero Trust, Rather Than Compliance – By Grace Dille, March 10, 2022. MeriTalk.