This is indeed extremely interesting. The actual doc from the White House is even more specific - basically giving all agencies 30 days to designate a lead, 60 days to formulate a plan, and 2 years to have it implemented. On page 4 it states (under “Actions”) the following (bolding is from the document):
"This memorandum requires agencies to achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024. These goals are organized using the zero trust maturity model developed by CISA. CISA’s zero trust model describes five complementary areas of effort (pillars) (Identity, Devices, Networks, Applications and Workloads, and Data), with three themes that cut across these areas (Visibility and Analytics, Automation and Orchestration, and Governance).
The strategic goals set forth in this memorandum align with CISA’s five pillars:
1. Identity: Agency staff use enterprise-managed identities to access the applications they use in their work. Phishing-resistant MFA protects those personnel from sophisticated online attacks.
2. Devices: The Federal Government has a complete inventory of every device it operates and authorizes for Government use, and can prevent, detect, and respond to incidents on those devices.
3. Networks: Agencies encrypt all DNS requests and HTTP traffic within their environment, and begin executing a plan to break down their perimeters into isolated environments.
4. Applications and Workloads: Agencies treat all applications as internet-connected, routinely subject their applications to rigorous empirical testing, and welcome external vulnerability reports.
5. Data: Agencies are on a clear, shared path to deploy protections that make use of thorough data categorization. Agencies are taking advantage of cloud security services to monitor access to their sensitive data, and have implemented enterprise-wide logging and information sharing."
This is quite bullish for the companies we follow, by my reading, as follows:
1 → Okta
2 → Crowdstrike, SentinelOne
3 → Zscaler
4 → Crowdstrike, SentinelOne, Datadog
5 → Datadog
Anyone have more insight on this?
(Long DDOG, S, ZS)