Skip to main content

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

October 31, 2024

CDO Council and CISO Council Release Joint Guide on Federal Zero Trust Data Security

By Kirsten Dalboe, Federal Energy Regulatory Commission CDO, Chair of CDO Council and Steven Hernandez, Department of Education CISO, Co-Chair of CISO Council

Today, the CISO Council and CDO Council released the Federal Zero Trust (ZT) Data Security Guide, a first-of-its-kind document and key deliverable of OMB M-22-09, Moving the U.S. Government Towards Zero Trust Cybersecurity Principles. M-22-09 charged the Federal CDO Council and Federal CISO Council to convene a cross-agency working group of data and security experts to develop a data security guide for Federal agencies.

More than 30 Federal agencies and departments answered the call to author the Federal Zero Trust Data Security Guide. The Guide and companion document will assist practitioners in operationalizing data security using a ZT framework.

“To meet the moment of the security paradigm shift to zero trust, the Federal Government is transforming how we work. This is the first time that Federal security teams and data teams are coming together in this way to tackle a challenge of this magnitude.” – Steven Hernandez, Chief Information Security Officer (Department of Education), Co-Chair of the CISO Council

“This guide represents insights from agency practitioners who are in the trenches working to implement zero trust and secure their organization’s data. We’re building a cooperative relationship between data and cyber to tackle this government-wide challenge and ultimately ensure the public’s data is secured.” – Kirsten Dalboe, Chief Data Officer (Federal Energy Regulatory Commission), Chair of the CDO Council

Each agency has a unique mission, structure, and budget with varying risk tolerances and levels of cybersecurity maturity. This guide is intended to meet agencies where they are as they work to strengthen their data security architecture and continue on their ZT journey.

The implementation of ZT principles is paramount for the Federal government to secure its data assets in an increasingly complex and contested cyber environment. By adhering to the core tenets of ZT — never trust, always verify — agencies can ensure that their data is categorized and safeguarded with the utmost precision.


❮   Back to Community News

CDO.gov

An official website of the Federal Government

Looking for U.S. government information and services?
Visit USA.gov