Log in
Show password
Forgot password ?
Become a member for free
Sign up
Sign up
New member
Sign up for FREE
New customer
Discover our services
Dynamic quotes 


SummaryMost relevantAll NewsAnalyst Reco.Other languagesPress ReleasesOfficial PublicationsSector newsMarketScreener Strategies

Zero Trust and the Federal Government: Feedback for Progress

10/22/2021 | 07:34pm EST

On May 12, President Biden signed a cybersecurity Executive Order (EO) aimed at improving efforts to "identify, deter, protect against, detect, and respond to these actions and actors".

The order aims to improve federal security practices and threat intelligence sharing amongst federal agencies and the private sector; enhance software supply chain security, and improve federal security incident response. The impact of this order will ultimately extend beyond federal agencies, impacting vendors who directly support the government, and then passing on those requirements and features to their customer base. Central to the order is the implementation of zero trust security measures in all Federal agencies.

Cisco is proud to be a member of the Joint Cybersecurity Defense Collaborative, and is committed to improving the security of our entire community. We believe that zero trust principles and technologies will have positive impacts on the federal cybersecurity posture. We have reviewed and provided feedback to the draft documents that have been produced by the Office of Management and Budget (OMB) and the Cybersecurity and Infrastructure Security Agency (CISA), including:

Each document serves a different purpose, with a different audience. Taken together, they form the basis of a zero trust foundation that agencies can use to implement and accelerate their zero trust strategies. Cisco has made enhancement suggestions to the authoring agencies, and there are some common themes across the three documents:

Consistency: Although each document speaks to a different primary audience, they should work in concert, adding to a common understanding of how and why to implement zero trust. In their current form, there are inconsistencies between them, for example the maturity model has different pillars than the strategy document. Variations like this will only serve to confuse implementers and delay progress. The final documents should be rationalized against each other.

Metrics and Measures: Our experience both internally and with customers shows that the zero trust journey is never complete, but instead becomes a way of operating. Leadership will need ways to measure not only the implementation of zero trust technologies, but also how effective the zero trust strategies are in mitigating and responding to threats over the long run. Each document should provide guidance on what and how to measure agency zero trust efforts. Consideration should be given to align these metrics to Federal Information Security Modernization Act (FISMA) and other existing security guidance requirements.

Risk-Based Approach: Zero trust cannot be imposed on an agency immediately, so choices must be made as to where to begin, and in what order to apply architectural elements. Given the current threats facing federal agencies, we recommend CISA be more prescriptive, based on known threats, as to where to focus first. This should be reflected in all three resources, and particularly the Strategy and Maturity Model documents. For example:

  • Ransomware: Evaluating zero trust controls through the cyber kill chain, and requiring those controls be implemented first.Calling out MFA is a good first step, but items such as continuous monitoring of device health to detect malicious software, as well as securing email security architectures, would go a long way to minimizing the impact of ransomware first.
  • Misuse of Legitimate credentials: Malicious insiders or not, the misuse of legitimate credentials remains a high risk area for government agencies. Leveraging least principle philosophies along with zero trust architectures such as network segmentation and east-west traffic monitoring will support controlling for this kind of threat.

Use Cases: Readers of these documents will benefit from having real world examples on which to model their own strategies. The maturity model begins to introduce use cases, but more can be done there, and use cases should be added to the other documents as well. Guidance should also be provided for use cases of assets that cannot be integrated into a zero trust architecture. Using practical examples of zero trust implementation will assist agencies to better define the architectures they need and to prioritize their deployments.

Leadership: All three documents are targeted at IT and Security teams within federal agencies. For security programs to be successful, full engagement is required from agency leadership. Additionally, implementation of zero trust principles will result in changes to the way the entire agency works, and will change risk tolerance for all agency employees. This effort must be visibly supported by non-technical agency leadership. These documents, particularly the strategy document, should make this clear.

Cisco is encouraged by the progress being made by the Federal government to strengthen their cybersecurity posture. The draft documents listed above are a tremendous addition to the existing cybersecurity resources available to agencies and their supply chain partners. We look forward to continuing our partnership with CISA, OMB and other agencies, and appreciate the opportunity to provide recommendations to improve these resources.

We'd love to hear what you think. Ask a Question, Comment Below, and Stay Connected with Cisco Secure on social!

Cisco Secure Social Channels




Cisco Systems Inc. published this content on 22 October 2021 and is solely responsible for the information contained therein. Distributed by Public, unedited and unaltered, on 22 October 2021 23:33:07 UTC.

ę Publicnow 2021
All news about CISCO SYSTEMS, INC.
12/07Google Says Introducing Video Conferencing Interoperability For Google Meet With Cisco ..
12/07Google says introducing video conferencing interoperability for google meet with cisco ..
12/07CISCO : Become a Hero with Cisco Block Belt Academy
12/07CISCO : Meet the Smallest IOS XR Router Ever!
12/07CISCO : Presenting the Security Outcomes Study, Volume 2
12/07CISCO : Overcoming Self-Doubt to Reach My Goals
12/07Global Cisco Study Identifies Top Security Practices to Detect Threats and Ensure Busin..
12/06CISCO : New Learning Labs Teach You XML/XPath for NSO
12/06CISCO : Equipping and Empowering Retail Associates During the Holiday Season
12/06CISCO : Miercom study validates performance of Cisco's SASE solution with advanced securit..
More news
Analyst Recommendations on CISCO SYSTEMS, INC.
More recommendations
Financials (USD)
Sales 2022 52 747 M - -
Net income 2022 12 236 M - -
Net cash 2022 18 827 M - -
P/E ratio 2022 20,0x
Yield 2022 2,56%
Capitalization 245 B 245 B -
EV / Sales 2022 4,29x
EV / Sales 2023 3,95x
Nbr of Employees 79 500
Free-Float 99,9%
Duration : Period :
Cisco Systems, Inc. Technical Analysis Chart | MarketScreener
Full-screen chart
Technical analysis trends CISCO SYSTEMS, INC.
Short TermMid-TermLong Term
Income Statement Evolution
Mean consensus OUTPERFORM
Number of Analysts 28
Last Close Price 58,08 $
Average target price 62,44 $
Spread / Average Target 7,51%
EPS Revisions
Managers and Directors
Charles H. Robbins Chairman & Chief Executive Officer
Richard Scott Herren Chief Financial Officer & Executive VP
Jacqueline Guichelaar Group Chief Information Officer & Senior VP
Roland Acra Chief Technology Officer & Senior Vice President
Maria Martinez Chief Operating Officer & Executive Vice President
Sector and Competitors
1st jan.Capi. (M$)
CISCO SYSTEMS, INC.29.79%244 959
ERICSSON-2.00%34 951
NOKIA OYJ66.90%33 380