- CASE STUDY -

Federal Agency Accelerates Zero Trust Adoption


Challenges

  • Compliance Requirements: The agency needed to comply with Executive Order 14028 and OMB Memorandum M-22-09, which mandated the adoption of Zero Trust Principles to improve cybersecurity across Federal agencies.
  • Complex Network Environment: The agency's existing network infrastructure did not align with key aspects of Zero Trust such as visibility, segmentation and least privilege:
    • Incomplete Visibility into network traffic, making it challenging to define a baseline for "normal" network behavior and to identify deviations
    • Undefined Access Policies, as the organization operated under an open access policy that leveraged multiple solutions
    • Lack of Segmentation via group-based and identity-based policies, and network macro and micro segmentation
    • Limited Automation techniques and technologies to enhance security resiliency against sophisticated cyberattacks

Solution

  • Comprehensive Zero Trust Assessment conducted by ModernCyber to determine the agency's current architecture, maturity, and strategy, mapped to the CISA Zero Trust Maturity Model. The assessment included a survey and a detailed analysis of the network, devices, and security policies.

  • Incremental Zero Trust Implementation Plan: The assessment identified gaps and provided a structured 3-year Zero Trust Rollout Plan:

    • Year 1: Establish Visibility and Define Use Cases
      • Implement solutions such as Cisco Secure Network Analytics (CSNA) and Cisco ISE to provide visibility into the network and user access.
      • Establish dynamic group policy with Cisco ISE and Software-Defined Access.

    • Year 2: Implement Network Access Policy Controls and Macrosegmentation
      • Enforce stringent network access controls and gather identity and device health information.
      • Share identity information with visibility tools to enhance user attribution and policy enforcement.

    • Year 3: Implement Microsegmentation and Automation
      • Deploy solutions for host-based and network-based segmentation (e.g., Cisco TrustSec, VMware NSX, Cisco ACI).
      • Utilize SIEM solutions like Splunk for automated incident response and policy enforcement.
      • Integrate automation and orchestration tools to manage dynamic policy enforcement and reduce operational costs.

Results

  • Upon completion of the Zero Trust Assessment, the customer moved forward with a large adoption of Cisco Secure Network Analytics and Cisco ISE, in line with the Year 1 strategy of the proposed Zero Trust Implementation Plan
  • Enhanced Security Posture by adopting zero trust principles, reducing the attack surface, and ensuring least privilege access
  • Improved Compliance: The agency successfully met the requirements of EO 14028 and OMB Memorandum M-22-09, aligning with Federal cybersecurity mandates
  • Operational Efficiency achieved through the customer’s implementation of dynamic policies and automation, while visibility and identity tools provided actionable insights and streamlined policy enforcement
  • Future-Ready Infrastructure as the agency was able to establish a scalable and adaptable security framework capable of responding to evolving threats and ensuring resilience and protection of critical assets