The White House released a new cybersecurity strategy Wednesday aimed at reducing the risk of cyberattacks against government infrastructure.
The strategy outlines the administration’s vision for moving government agencies towards a “zero trust” architecture — a cybersecurity model where users and devices are only given permissions to access network resources necessary for the task at hand and are authenticated on a case-by-case basis.
The key document was published as a memorandum from the Office of Management and Budget (OMB), the administration’s policy arm, and addressed to the heads of all executive departments and agencies.
According to the memorandum, shifting towards a zero trust architecture will require the implementation of stronger enterprise identity and access controls, including more widespread use of multi-factor authentication — specifically hardware-based authentication tokens like access cards, rather than push notifications or SMS. Agencies were also instructed to aim for a complete inventory of every device authorized and operated for official business, to be monitored according to specifications set by the Cybersecurity and Infrastructure Security Agency (CISA).