How to Meet Federal Zero Trust Compliance in 2023
Table of Contents
Introduction
Before the widespread normalization of remote work, organizations could secure their assets by securing their office. A perimeter firewall effectively protected against cyber threats, separating the corporate intranet from the internet. Today, however, the corporate boundaries have expanded to accommodate remote work. The entire world is connected via the internet, and the internet is shared by every person, in every industry, and located in every country around the world. While this interconnectivity has improved daily life, making it easier to share information and collaborate, it has also provided opportunities for cybercriminals. Any internet-accessible device is a potential target for hackers, and as evidenced by the number of successful cyberattacks, many companies are struggling to provide adequate protection against these persistent attackers.
What Is the President’s Executive Order 14028 on Improving the Nation’s Cybersecurity?
President Biden signed Executive Order (EO) 14028 in response to the rise in significant cybercrimes, such as the SolarWinds attack and the Colonial Pipeline attack. This EO mandates improved security measures that must be implemented to guard the government's critical data and infrastructure. To better protect the United States, the EO defines measures to improve the security posture of the US government, including moving towards a Zero Trust architecture. In the EO, President Biden recognizes that more than a gradual change will be needed; the government needs to lead by example, implement security improvements quickly, and continually adapt to the ever-changing threat landscape.
EO 14028 outlines specific areas in which improvements are needed, including better sharing of information about threats or incidents across the federal and private sectors, creating a standardized playbook to guide government agencies in their response to vulnerabilities and incidents, and improved detection, investigation, and remediation of incidents within Federal networks.
As the threat landscape continues to evolve, so must the Nation’s security posture. Updated instructions on how to comply with EO 14028 were contained in the Office of Management and Budget (OMB) memorandum M-22-09, which requires Federal agencies to meet specific Zero Trust architecture (ZTA) cybersecurity standards by the end of Fiscal Year 2024. And just this year, CISA released an updated Zero Trust Maturity Model (ZTMM) that serves as an easy-to-follow roadmap to guide organizations toward meeting the 2024 deadline.
Related Content: “ThreatLocker and the CISA Zero Trust Maturity Model Version 2.0”
Why Is President Biden’s EO Important?
With the continual rise in serious cyberattacks, guidance from the US government couldn't have arrived at a better time. The US critical infrastructure is an attractive target for the country's adversaries that seek to cripple them. Businesses today rely on infrastructure such as electricity and telecommunications. A successful cyberattack could bring the entire US to a halt. The attack on the Colonial Pipeline forced gas prices to spike, panic buying caused gas shortages, and jet fuel shortages caused disruption to air travel. This was a single attack on a single system; imagine if there were a coordinated effort to hit multiple systems simultaneously.
These cyberattacks are only becoming more commonplace since Russia's invasion of Ukraine. According to Forbes, cyberattacks rose over 800% in the two days immediately following the initial conflict. Cyber terrorism and cyber warfare have gained popularity and are more challenging to defend against than attacks by sea or air. Securing the Nation's cyberspace is as important as securing its physical space.
How Can ThreatLocker Assist with Meeting the Zero Trust Architecture 2024 Deadline?
The ThreatLocker Endpoint Protection Platform can help organizations meet the 2024 ZTA deadline. ThreatLocker Allowlisting uses a default deny approach. Any application, script, or library not included on the allow list will be unable to run. Combine Allowlisting with Ringfencing™ to place boundaries on permitted applications to control their access to other applications, the registry, the internet, or protected files. Allowlisting and Ringfencing™ help keep the enterprise in control of its endpoints, providing powerful protection against known and unknown threats, including malware and ransomware.
ThreatLocker Network Control is a centrally managed endpoint and server firewall. Network Control enables complete control over inbound network traffic on all ThreatLocker-protected devices. Block all inbound traffic and permit access to specific ports and services by only the devices requiring access. With dynamic ACLs and agent authentication, ports open automatically on demand for approved devices. Unauthorized devices will be unable to see or connect to the open port. Once the permitted connection is terminated, the open port automatically closes in five minutes. Organizations can use ThreatLocker Network Control to restrict what devices can connect to their valuable servers and log all network activity in the Unified Audit.
ThreatLocker Configuration Manager can disable OLE and downloaded macros in MS Office. These are commonly abused to sneak ransomware into an environment using phishing emails. Enterprises can disable these features company-wide, whether or not the endpoints are domain joined, to ensure that even when an end user clicks on an MS Office document attached to an email, malware cannot execute.
All the modules that make up the ThreatLocker Endpoint Protection Platform can be combined to provide effective, proactive protection against malware, whether well-known or zero-day. Schedule a demo to see the entire ThreatLocker Endpoint Protection Suite in action, and how it can help your business meet the Federal Zero Trust compliance deadline.
