DRAFT FOR PUBLIC COMMENT
1
SUBJECT: Moving the U.S. Government Towards Zero Trust Cybersecurity Principles
AUTHOR: Office of Management and Budget
I. Overview
The United States Government faces increasingly sophisticated and persistent cyber threat
campaigns that target its technology infrastructure, threatening public safety and privacy,
damaging the American economy, and weakening trust in Government.
Every day, the Federal Government executes unique and deeply challenging missions: agencies
safeguard our nation’s critical infrastructure, conduct scientific research, engage in diplomacy,
and provide benefits and services for the American people, among many other public functions.
To deliver on these missions effectively, our nation must make intelligent and vigorous use of
modern technology and security practices, while avoiding disruption by malicious cyber
campaigns.
Successfully modernizing the Federal Government’s approach to security requires a
Government-wide endeavor. In May of 2021, the President issued Executive Order (EO) 14028,
Improving the Nation’s Cybersecurity,
1
initiating a sweeping government-wide effort to ensure
that baseline security practices are in place, to migrate the Federal Government to a zero trust
architecture, and to realize the security benefits of cloud-based infrastructure while mitigating
associated risks.
1
Exec. Order No. 14028, 86 FR 26633 (2021). https://www.federalregister.gov/d/2021-10460
