Following up on the May 2021 executive order (EO), which requires Federal agencies to adopt zero trust, the Office of Management and Budget (OMB) issued memorandum 22-09 (M-22-09) in January 2022. It sets forth a Federal zero trust architecture strategy, requiring agencies to meet specific cybersecurity objectives by the end of 2024. M-22-09 also provides specific direction for implementing identity-driven security measures, such as multifactor authentication (MFA) to prevent sophisticated online attacks.
What do the memo’s requirements mean for Federal agencies? How can they best implement zero trust? What exactly is “phishing-resistant MFA”? MeriTalk sat down with Bryan Rosensteel, U.S. Federal CTO at Ping Identity, to get the answers to these questions and learn how agencies can best institute zero trust.