Falling behind on zero trust?

Coming to grips with the complexity of zero-trust security

As fiscal year 2027 (FY27) draws ever closer, many government agencies are struggling to comply with the Federal directive requiring all government agencies to adopt a zero-trust (ZT) security approach and architecture. Many of these ZT efforts are falling behind schedule.

To meet the FY27 ZT mandate, government organizations must appreciate the magnitude of the transformation that’s required. ZT is not merely a technology implementation but an organizational transformation that requires comprehensive change management and stakeholder engagement.

Some agency leaders may be hoping to address the challenge by kicking the can down the road with a deadline extension. But a better approach is to avoid getting lost in the requirements and scale of ZT that may be causing delays, and instead perform an honest evaluation of the organization’s current technologies, processes, and network designs. Then, identify the specific ZT targets at the agency level based on mission, funding, existing technology stacks, workforce skill sets, and strategic goals.

The path to ZT will vary organization to organization. There's tremendous flexibility in ZT and the way a ZT architecture is achieved, including what solutions and processes can or should be used. There are many decisions that must be made throughout the organization to deliver on ZT, but it’s difficult to make decisions and evaluate options inside a vacuum of information.

In this article, we offer insights to help government agencies get their ZT efforts back on track. It lists the key questions they need to start asking now, and offers five practical things they can do to stop or prevent schedule slippages.