Home Office considers zero trust across government
The Home Office sets out the foundations of its government-wide zero trust commitment, as initially planned in the Cybersecurity Strategy 2023-2023.
In a consultation paper published last month, titled Guiding Principles for Embedding a Zero Trust Culture, the department set out guiding principles for strengthening current policies so that all departments and stakeholders are on the same page.
“The success of these initiatives, such as developing a government-wide culture of zero trust, relies on a collaborative and aligned approach with all relevant stakeholders,” the document states, emphasizing the importance of collaboration with the industry.
Home Affairs outlined five guiding principles in the document:
Identify and manage cybersecurity risks at the enterprise level: Cyber risks and threats should be treated as a business-level concern. This means including them in the agency’s “broader risk management framework” and taking them into account when making critical operational decisions.
Understand responsibilities and accountabilities at all levels: Robust accountability mechanisms must be established, and clear roles and responsibilities must be defined for establishing the foundations of a zero trust culture.
Know and understand your most critical and sensitive technology assets: Understand what your most critical and sensitive assets are, and build staff cybersecurity knowledge and awareness so that staff are cybersecurity literate and able to “navigate and respond to cyber threats”.
Maintain resilience through a comprehensive cyber strategy and upgrade plans: Commonwealth agencies are required to “develop, maintain and enable a robust cyber strategy, essential to building cyber resilience”. Agencies must consider current and future threat trends to ensure a robust security strategy.
Go beyond incident planning: Follow the fundamental of zero trust, which is to assume the worst. Cyber planning must assume that a threat actor or breach is already present and must verify users continuously, on the basis that “no system or user is inherently secure.”
The Home Office said it would implement the five guiding principles by amending the annual version of the Protective Security Policy Framework 25, as well as the Accommodation Certification Framework and the Resilient Digital Infrastructure Framework.
“Together, these mechanisms act as powerful levers for change by establishing consistent and high standards that encourage a culture of continuous verification, risk mitigation and advance our journey along the cyber resilience continuum,” it says.
Home Affairs is accepting feedback on the proposed directions for reform of the three frameworks.