Organizations that have been around for a while—such as many federal agencies—will find it particularly difficult to achieve their ultimate goal in designing ‘zero-trust’ systems, because various products needed to fully realize the concept don’t always work together, the Government Accountability Office recently wrote in a briefing document aimed at lawmakers.
Federal agencies are required to implement Zero Trust Architectures—or ZTA—by the end of fiscal year 2024 under guidance the Office of Management and Budget issued to comply with a May 2021 cybersecurity executive order. President Joe Biden issued the order in response to the intrusion campaign generally referred to as the SolarWinds hack, which also involved Microsoft’s Active Directory Federation System and hijacking legitimate credentials to move laterally within victim networks…
Expanding on the point, the GAO document cited work from the National Institute of Standards and Technology in highlighting the challenge.
“Organizations attempting to implement ZTA have faced difficulties,” GAO wrote. “For example, a NIST project to build and demonstrate examples of ZTA using products and technologies from different vendors found that many [Identity, Credential and Access Management] and endpoint protection technologies could not be integrated into a functional ZTA.” …