When the Biden Administration released its Cybersecurity Executive Order in May 2021, it was clear that Zero Trust would be a central component of the government’s security approach moving forward. Agencies and their partners scrambled to assess their existing Zero Trust investments and the gaps that would need to be filled in order to quickly ramp up implementation. Six months later, after hearing from customers and integrators about the challenges they face, Tripwire experts have published a whitepaper offering their point of view about what they believe federal practitioners must consider as they move forward on Zero Trust implementation. 

In the whitepaper, our team discussed how agencies that implement a Zero Trust Architecture (ZTA) without implementing controls to establish and maintain system integrity across all critical systems will not achieve true Zero Trust.

“All zero trust architectures must align to a known, trusted state, and stay that way,” says Tim Erlin, VP of Strategy for Tripwire. “In federal security circles, there is a lot of conversation now about how to authenticate successfully, how to determine the trustworthiness of a request or determining whether the request is coming from an individual or a device, but how you maintain the trustworthiness of the systems involved in a Zero Trust architecture itself doesn’t seem to be a big topic of discussion.”

In a recent podcast, I explained further:

…in order to trust a particular device that is connecting into a given system for a particular session, in addition to property credentialing itself, the secure state of that device is also a very important factor. It may properly authenticate in as a device that has some degree of trust by virtue of it being an enterprise-maintained, enterprise-issued device. But, do we know that that particular system is actually in a hardened (Read more...)