On January 26th, 2022, the Office of Management and Budget (OMB) issued Memorandum (memo) M-22-09: “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles” to the Federal Government. The OMB issued this memo, which we’ll also refer to as “the Zero Trust memo,” in support of President Biden’s Executive Order (EO) 14028: “Improving the Nation’s Cybersecurity,” which mandated the adoption of Zero Trust after a series of cyberattacks on the Federal Government and critical infrastructure.
So, what does this all mean, and why is it important to understand?
While M-22-09 isn’t the first piece of Zero Trust guidance issued to the Federal Government, it is certainly the most significant to date. This is the first piece of true policy that not only advises on best practices for implementing Zero Trust, but also mandates specific strategic goals and actions that agencies must satisfy—all by the end of Federal fiscal year 2024. Of note, one of these strategic goals focuses on identity.
Continue reading to learn:
Who the Zero Trust memo applies to
Key actions that are part of the strategic identity goal, and
How to complete those actions