Federal government agencies will adopt zero trust cybersecurity principles to meet specific standards and objectives as newly detailed by the Office of Management and Budget (OMB), according to a new memorandum issued by the supervisory office.In a zero trust model, no actor, system, network or service operating outside or within the security perimeter is trusted. Everything every time must be verified prior to access. It represents a dramatic shift from how infrastructure, networks and data have been secured in federal agencies for years. In increasing numbers, both the public and the private sector are navigating towards the security framework.MSSPs and their cybersecurity platform providers are attune to the Zero Trust trend. True believers include BlackBerry and the company' Cylance team -- which has been evangelizing Zero Trust strategies to MSSPs for quite some time.Federal staff have enterprise-managed accounts, allowing them to access everything they need to do their job while remaining reliably protected from even targeted, sophisticated phishing attacks. The devices that federal staff use to do their jobs are consistently tracked and monitored, and the security posture of those devices is taken into account when granting access to internal resources. Agency systems are isolated from each other, and the network traffic flowing between and within them is reliably encrypted. Enterprise applications are tested internally and externally, and can be made available to staff securely over the internet. Federal security teams and data teams work together to develop data categories and security rules to automatically detect and ultimately block unauthorized access to sensitive information. “Federal applications cannot rely on network perimeter protections to guard against unauthorized access,” the agency said. “Users should log into applications, rather than networks, and enterprise applications should eventually be able to be used over the public internet. In the near term, every application should be treated as internet-accessible from a security perspective.”