The Zero Trust Security Model does include but is not just Multifactor Authentication and verifying the endpoint device. When cybersecurity assessors go to government agencies and find the majority of their third- and fourth-party IT support is non-compliant vendors, the holes in their network are numerous. While many OEMs have demonstrated cybersecurity compliance, they also display many Business Partners on their website who are non-compliant. Yes, it is 2021, and most IT Support and suppliers have not adopted a cybersecurity culture. None of this should be a surprise. The DoD Supply Chain has been required to meet the NIST 800-171 CSF and the soon to be CMMC since 2018. The federal agencies and almost 75% of the US States have adopted the NIST CSF standard. But it is not being enforced. The reality is that IT Support must change in the US infrastructure and not just doing paper drills. For many managers and technical SMEs, it is downloading the NIST CSF, creating policies, procedures, training, execution, verification, and management oversight that can pass internal and external CSF audits. For those that have been breached for allowing leaky networks, the money they saved by hiring non-compliant vendors was quickly lost. And the advice we give to CEOs and Boards is that when an enterprise does enforce CSFs on new contracts, the old vendors typically no bid since they are not qualified. There is nothing like the vendor losing money that gets the point across.
Related article: Zero Trust Is No Longer Optional for Agencies. Now What? | FedTech Magazine
Related article: Zero Trust Is No Longer Optional for Agencies. Now What? | FedTech Magazine
It is up for you to choose your qualified vendors. TechR2’s products and services meet the Zero Trust Security Model. ISO and NIST certified TechR2 systems are verified through internal and external audits.
