Federal agencies have a mandate to move to zero trust for cybersecurity, as part of President Joe Biden’s May 12 executive order . But many IT leaders may still be figuring out what exactly that means for their organizations.

The White House is helping agencies along , and the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency recently developed a zero-trust maturity model to help agencies determine their progress across five pillars: identity, device, network, application workload and data.

That first pillar, identity, is essential. In a zero-trust world, even though an agency has issued a device to a user, that device and that user are not trusted until they have been authenticated, via multi-factor authentication (MFA) such as Common Access Card and PIN, or through Microsoft 365 MFA. The key is that anytime anything requests access to anything else, that thing — a person, a device or an application […]