Zero Trust Mandates Require 100 Percent Device Visibility

Updated December 8, 2022.

Every day, the federal government relies on IT infrastructure to support and power mission accomplishment. But over the past few years federal infrastructure has been buffeted by multiple megatrends that have fundamentally altered the threat environment.

Continued migration to the cloud, the move to mobile and BYOD, the convergence of IT/OT/IoT, and the sharp increase in remote working due to the pandemic have changed how the government must approach cybersecurity.

There’s no mistaking that the government understands it can no longer depend on conventional perimeter-based defenses to protect critical systems and data. In May of last year the President issued Executive Order (EO) 14028, Improving the Nation’s Cybersecurity.

EO 14028 is a government-wide effort to ensure that baseline security practices are in place, to migrate the Federal Government to a zero trust architecture (ZTA), and to realize the security benefits of cloud-based infrastructure while mitigating associated risks.

The US Government Zero Trust Architecture Strategy

Towards that end the Office of Management and Budget (OMB) released Memo 22-09, providing specific goals and deadlines for implementing ZTA. These deadlines require agencies to achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024.

These goals are organized using the zero trust maturity model developed by the Cybersecurity and Infrastructure Security Agency (CISA). CISA’s zero trust model describes five complementary areas of effort (Identity, Devices, Networks, Applications and Workloads, and Data), with three themes that cut across these areas (Visibility and Analytics, Automation and Orchestration, and Governance).

But you can’t defend against threats you cannot see. Issues like log4j have exposed the hidden threat of outdated devices throughout complex environments like those of federal agencies. Due to the explosion of end points in the past few years many agencies can’t even see the totality their entire infrastructure, never mind defend it.

CISA Device Pillar

This must change, since ZTA allows for zero blind spots. To illustrate what’s required, we’ll focus in on the second of the five pillars identified in Memo 22-09, Devices.

This is how the memo describes the vision and actions required:

Agencies maintain a complete inventory of every device authorized and operated for official business and can prevent, detect, and respond to incidents on those devices. 

1. Agencies must create reliable asset inventories through participation in CISA’s Continuous Diagnostics and Mitigation (CDM) program. 

• CISA will design the CDM program to better support a cloud-oriented Federal architecture. 

2. Agencies must ensure their Endpoint Detection and Response (EDR) tools meet CISA’s technical requirements and are deployed widely. 

• Agencies must work with CISA to identify implementation gaps, coordinate the deployment of EDR tools, and establish information-sharing capabilities, as described in M-22-01

A necessary foundation for any enterprise-wide zero trust architecture is a complete understanding of the devices, users, and systems interacting within an organization. For most enterprises, creating and maintaining a complete inventory over time requires tools that can support the dynamic discovery and cataloging of assets.

How Armis Helps Implement Executive Order 14028

Armis can be the tool to meet this ZTA requirement for federal agencies. Armis provides 100 percent visibility of network assets – managed, unmanaged, BYOD and cloud. The Armis platform collects data using a virtual appliance that sits out-of-band and passively monitors traffic with no impact on network performance, other devices, or your users.

There are no agents to deploy or manage, and real-time security analysis and benefits are delivered immediately.

Why Armis:

• Easy and fast to deploy – most customer can deploy in one hour
• Visibility to all unmanaged and IoT devices – unlike other security controls
• Internal Device Knowledgebase knows more about more devices and their behavior (proper and improper) than any other provider
• Integrates with existing client workflows and systems – technology agnostic
• Rapid time to value
• Armis is on CISA’s CDM Approved Product List

Give Full Asset Visibility to Meet ZTA Mandates

Armis provides the most comprehensive, unified asset inventory and device discovery available today. Clients see what each device is (make, model, location, and more) as well as the risks and software vulnerabilities on each device.

The Armis platform can then share this information with other Zero Trust systems to allow them to make better decisions about risk and network access – complying with additional pillars in the CISA ZTA model.

To learn more about the Zero Trust architecture and how Armis can help, watch our webinar:
Zero Trust Security for Unmanaged and IoT Devices.