Tech Industry Group Weighs in on Federal Zero Trust Strategy

The Information Technology Industry Council, which represents dozens of large tech firms, offered recommendations Wednesday to the Office of Management and Budget regarding draft guidance on zero-trust cybersecurity architectures the agency published in early September.

The guidance sought public comment on an overarching federal policy from OMB as well as draft technical reference architecture and maturity model from Cybersecurity and Infrastructure Security Agency. The guidance followed President Biden’s May executive order on strengthening cybersecurity across the federal government, calling out numerous specific tools and tactics based on the concept of zero trust.  

“We agree with OMB’s objective to promote the intelligent and vigorous use of modern technology and security practices, while simultaneously avoiding disruption by malicious cyber campaigns,” the tech trade association wrote in its comments. “The strategy will provide actionable guidance to agencies as they are undergoing a major paradigm shift. Given the criticality of the subject matter, we encourage OMB to keep involving relevant stakeholders in the drafting of such guidance. We remain committed to sharing our experience and lessons learned to help streamlining the federal adoption of zero trust.”

ITI’s comments are generally complimentary of the administration’s push for zero trust architectures. However, the trade association makes numerous recommendations it believes will “support agencies’ migrations’” to zero trust architectures. Those recommendations include aligning targeted end-state to use cases rather than technology silos; involving agency leadership in zero trust migrations; expanding guidance on hybrid and bring-your-own-device work environments, and reflecting mandates in agency budgets.