{"id":106797,"date":"2022-02-17T10:00:00","date_gmt":"2022-02-17T18:00:00","guid":{"rendered":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?p=106797"},"modified":"2025-06-20T05:26:29","modified_gmt":"2025-06-20T12:26:29","slug":"us-government-sets-forth-zero-trust-architecture-strategy-and-requirements","status":"publish","type":"post","link":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/","title":{"rendered":"US Government sets forth Zero Trust architecture strategy and requirements"},"content":{"rendered":"\n<p class=\"wp-block-paragraph\">To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order (EO) 14028 on Improving the Nation\u2019s Cybersecurity, which requires US Federal Government organizations to take action to strengthen national cybersecurity.<sup>1<\/sup> Section 3 of EO 14028 specifically calls for federal agencies and their suppliers \u201cto modernize [their] approach to cybersecurity\u201d by accelerating the move to secure cloud services and implementing a <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\/zero-trust\/\">Zero Trust<\/a> architecture.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">As a company that has embraced Zero Trust ourselves and supports thousands of organizations around the globe on their Zero Trust journey, Microsoft fully supports the shift to Zero Trust architectures that the Cybersecurity EO urgently calls for. We continue to partner closely with the <a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2021\/08\/17\/microsoft-and-nist-collaborate-on-eo-to-drive-zero-trust-adoption\/\">National Institute of Standards and Technology<\/a> (NIST) to develop implementation guidance by submitting <a href=\"https:\/\/www.nist.gov\/itl\/executive-order-improving-nations-cybersecurity\/enhancing-software-supply-chain-security\" target=\"_blank\" rel=\"noreferrer noopener\">position papers<\/a> and contributing to communities of interest under the umbrella of the <a href=\"https:\/\/www.nccoe.nist.gov\/\" target=\"_blank\" rel=\"noreferrer noopener\">National Cybersecurity Center of Excellence<\/a> (NCCoE).<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"microsoft-helps-implement-executive-order-14028\">Microsoft helps implement Executive Order 14028<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">The memo clearly describes the government\u2019s strategic goals for Zero Trust security. It advises agencies to prioritize their highest value starting point based on the <a href=\"https:\/\/www.cisa.gov\/zero-trust-maturity-model\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust maturity model<\/a> developed by the national Cybersecurity &amp; Infrastructure Security Agency (CISA).\u00a0<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft\u2019s position aligns with government guidelines. Our <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWJJdT\" target=\"_blank\" rel=\"noreferrer noopener\">maturity model for Zero Trust<\/a> emphasizes the architecture pillars of identities, endpoints, devices, networks, data, apps, and infrastructure, strengthened by end-to-end governance, visibility, analytics, and automation and orchestration.<\/p>\n\n\n\n<figure class=\"wp-block-image size-full\"><img loading=\"lazy\" decoding=\"async\" width=\"800\" height=\"450\" src=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9.png\" alt=\"Flow chart showcasing identities and endpoints as their authentication and compliance requests are intercepted by the Zero Trust Policy for verification before being granted access to networks and the data, apps, and infrastructure they\u2019re composed of.\" class=\"wp-image-106827\" srcset=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9.png 800w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9-300x169.png 300w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9-768x432.png 768w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9-687x385.png 687w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9-767x431.png 767w, https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/Picture9-539x303.png 539w\" sizes=\"auto, (max-width: 800px) 100vw, 800px\" \/><\/figure>\n\n\n\n<p class=\"wp-block-paragraph\">To help organizations implement the strategies, tactics, and solutions required for a robust Zero Trust architecture, we have developed the following series of cybersecurity assets:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/cloud-adoption-framework\/\" target=\"_blank\" rel=\"noreferrer noopener\">Cloud Adoption Framework<\/a>: A rich repository of documentation, implementation guidance, and best practices to help accelerate cloud adoption.<\/li><li><a href=\"https:\/\/aka.ms\/FederalZeroTrustPlan\">Zero Trust rapid modernization plan<\/a>: A downloadable suggested phased rollout plan to accelerate adoption of a Zero Trust security approach.<\/li><li><a href=\"https:\/\/aka.ms\/FederalZeroTrustScenarios\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust scenario architectures<\/a>: A downloadable PDF of key architecture scenarios mapped to NIST standards.<\/li><li><a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/guidance-on-using-azure-ad-to-meet-zero-trust-architecture-and\/ba-p\/1751676\" target=\"_blank\" rel=\"noreferrer noopener\">Multifactor authentication (MFA) deployment guide<\/a>: Guidance on using Microsoft Azure Active Directory (Azure AD) to meet Zero Trust Architecture and MFA requirements.<\/li><li><a href=\"https:\/\/indd.adobe.com\/view\/bb2c85c8-c962-4b2a-9e04-4d6801602fff\" target=\"_blank\" rel=\"noreferrer noopener\">Interactive guide on the Cybersecurity EO<\/a>: Clear, concise guidance to help organizations better understand near- and long-term milestones, build a strategic response aligned to security modernization priorities and Executive Order requirements, and determine how technology partners can help accelerate the journey.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"new-capabilities-in-azure-ad-to-help-meet-requirements\">New capabilities in Azure AD to help meet requirements<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">A blog by my colleague Sue Bohn, <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/guidance-on-using-azure-ad-to-meet-zero-trust-architecture-and\/ba-p\/1751676\" target=\"_blank\" rel=\"noreferrer noopener\">Guidance on using Azure AD to meet Zero Trust Architecture and MFA requirements<\/a>, provides a great summary of how Azure AD can help organizations meet the requirements outlined in EO 14028. We recently announced two additional capabilities developed in response to customer feedback: <strong>cloud-native certificate-based authentication (CBA) <\/strong>and <strong>cross-tenant access settings for external collaboration.<\/strong><\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"certificate-based-authentication\">Certificate-based authentication<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Phishing remains one of the most common threats to organizations. It\u2019s also one of the most critical to defend against. According to <a href=\"https:\/\/query.prod.cms.rt.microsoft.com\/cms\/api\/am\/binary\/RWMFIi?id=101738\">our own research<\/a>, credential phishing was a key tactic used in many of the most damaging attacks in 2021. To help our customers adhere to NIST requirements and effectively counter phishing attacks, we announced the preview of <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/azure-ad-certificate-based-authentication-now-in-public-preview\/ba-p\/2464390\" target=\"_blank\" rel=\"noreferrer noopener\">Azure AD cloud-native CBA<\/a> across our commercial and US Government clouds<em>.<\/em><\/p>\n\n\n\n<p class=\"wp-block-paragraph\">CBA enables customers to use X.509 certificates on their PCs or smart cards to authenticate applications using Azure AD natively. This eliminates the need for additional infrastructure such as Active Directory Federation Services (ADFS) and reduces the risk inherent in using on-premises identity platforms.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">Cloud-native CBA demonstrates Microsoft\u2019s commitment to the federal Zero Trust strategy. It helps our government customers implement the most prominent phishing-resistant MFA, certificate-based authentication, in the cloud so they can meet NIST requirements. Read the documentation on <a href=\"http:\/\/aka.ms\/aadcba\">Azure AD certificate-based authentication<\/a> to get started.<\/p>\n\n\n\n<h3 class=\"wp-block-heading\" id=\"cross-tenant-access-settings-for-external-collaboration\">Cross-tenant access settings for external collaboration<\/h3>\n\n\n\n<p class=\"wp-block-paragraph\">Our customers have told us they want more control over how external users access apps and resources. Earlier this month, we announced the preview of <a href=\"https:\/\/techcommunity.microsoft.com\/t5\/azure-active-directory-identity\/collaborate-more-securely-with-new-cross-tenant-access-settings\/ba-p\/2147077\" target=\"_blank\" rel=\"noreferrer noopener\">cross-tenant access settings for external collaboration<\/a>.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">This new capability enables organizations to control how internal users collaborate with external organizations that also use Azure AD. It provides granular inbound and outbound access control settings based on organization, user, group, or application. These settings also make it possible to trust security claims from external Azure AD organizations, including MFA and device claims (compliant claims and hybrid Azure AD joined claims). Consult the documentation on <a href=\"https:\/\/docs.microsoft.com\/en-us\/azure\/active-directory\/external-identities\/cross-tenant-access-overview\" target=\"_blank\" rel=\"noreferrer noopener\">cross-tenant access with Azure AD External Identities<\/a> to learn more.<\/p>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"more-capabilities-coming-soon\">More capabilities coming soon<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">We\u2019re continuing to work on new capabilities to help government organizations meet Zero Trust security requirements:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li>The ability to enforce phishing-resistant authentication for employees, business partners, and vendors for hybrid and multi-cloud environments.<\/li><li>Comprehensive phishing-resistant MFA support, including remote desktop protocol (RDP) scenarios.<\/li><\/ul>\n\n\n\n<h2 class=\"wp-block-heading\" id=\"resources-for-your-zero-trust-journey\">Resources for your Zero Trust journey<\/h2>\n\n\n\n<p class=\"wp-block-paragraph\">Microsoft is committed to helping the public and private sectors with a comprehensive approach to security that\u2019s end-to-end, best-in-breed, and AI-driven.<\/p>\n\n\n\n<p class=\"wp-block-paragraph\">To advance your Zero Trust implementation, we offer the following:<\/p>\n\n\n\n<ul class=\"wp-block-list\"><li><a href=\"https:\/\/www.microsoft.com\/en-us\/federal\/CyberEO.aspx\">Cybersecurity EO resources<\/a> for federal agencies.<\/li><li><a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/zero-trust\/\" target=\"_blank\" rel=\"noreferrer noopener\">Zero Trust Guidance Center<\/a>.<\/li><li><a href=\"https:\/\/docs.microsoft.com\/en-us\/security\/cybersecurity-reference-architecture\/mcra\" target=\"_blank\" rel=\"noreferrer noopener\">Microsoft Cybersecurity Reference Architectures<\/a>.<\/li><\/ul>\n\n\n\n<p class=\"wp-block-paragraph\">To learn more about Microsoft Security solutions,&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/business\">visit our&nbsp;website<\/a>.&nbsp;Bookmark the&nbsp;<a href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\">Security blog<\/a>&nbsp;to keep up with our expert coverage on security matters. Also, follow us at&nbsp;<a href=\"https:\/\/twitter.com\/@MSFTSecurity\" target=\"_blank\" rel=\"noreferrer noopener\">@MSFTSecurity<\/a>&nbsp;for the latest news and updates on cybersecurity.<\/p>\n\n\n\n<div style=\"height:30px\" aria-hidden=\"true\" class=\"wp-block-spacer\"><\/div>\n\n\n\n<hr class=\"wp-block-separator is-style-wide\"\/>\n\n\n\n<p class=\"wp-block-paragraph\"><sup>1<\/sup><a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\" target=\"_blank\" rel=\"noreferrer noopener\">Executive Order (EO) 14028 on Improving the Nation\u2019s Cybersecurity<\/a>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order 14028 on Improving the Nation\u2019s Cybersecurity, requiring US Federal Government organizations to take action to strengthen national cybersecurity.<\/p>\n","protected":false},"author":106,"featured_media":106842,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"ms_queue_id":[],"ep_exclude_from_search":false,"_classifai_error":"","_classifai_text_to_speech_error":"","_alt_title":"","ms-ems-related-posts":[],"footnotes":""},"post_tag":[3742],"threat-intelligence":[],"content-type":[3662],"job-role":[],"product":[3702,3703],"topic":[3678,3689],"coauthors":[2093],"class_list":["post-106797","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","tag-azure","content-type-news","product-microsoft-entra","product-microsoft-entra-id","topic-multifactor-authentication","topic-zero-trust","review-flag-1694638265-310","review-flag-1-1694638265-354","review-flag-3-1694638266-241","review-flag-ai-driven-ai-driven","review-flag-new-1694638263-340","review-flag-partn-1694638263-177"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.2 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog\" \/>\n<meta property=\"og:description\" content=\"To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order 14028 on Improving the Nation\u2019s Cybersecurity, requiring US Federal Government organizations to take action to strengthen national cybersecurity.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\" \/>\n<meta property=\"og:site_name\" content=\"Microsoft Security Blog\" \/>\n<meta property=\"article:published_time\" content=\"2022-02-17T18:00:00+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2025-06-20T12:26:29+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"1200\" \/>\n\t<meta property=\"og:image:height\" content=\"800\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Joy Chik\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:image\" content=\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Joy Chik\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"5 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\"},\"author\":[{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/joy-chik\/\",\"@type\":\"Person\",\"@name\":\"Joy Chik\"}],\"headline\":\"US Government sets forth Zero Trust architecture strategy and requirements\",\"datePublished\":\"2022-02-17T18:00:00+00:00\",\"dateModified\":\"2025-06-20T12:26:29+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\"},\"wordCount\":874,\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\",\"keywords\":[\"Azure\"],\"articleSection\":[\"Cybersecurity\",\"Cybersecurity policy\",\"Zero Trust\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\",\"name\":\"US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog\",\"isPartOf\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\",\"datePublished\":\"2022-02-17T18:00:00+00:00\",\"dateModified\":\"2025-06-20T12:26:29+00:00\",\"breadcrumb\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg\",\"width\":1200,\"height\":800,\"caption\":\"C I S O collaborating with practitioners in a security operations center.\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"US Government sets forth Zero Trust architecture strategy and requirements\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"name\":\"Microsoft Security Blog\",\"description\":\"Expert coverage of cybersecurity topics\",\"publisher\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization\",\"name\":\"Microsoft Security Blog\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"contentUrl\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png\",\"width\":512,\"height\":512,\"caption\":\"Microsoft Security Blog\"},\"image\":{\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/dce7a42a3a4e63a3350e523c420a4ad1\",\"name\":\"Emma Jones\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=gd8de7ce2349693784c52e03d78a1422c\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=g\",\"caption\":\"Emma Jones\"},\"url\":\"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/v-coujones\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/","og_locale":"en_US","og_type":"article","og_title":"US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog","og_description":"To help protect the United States from increasingly sophisticated cyber threats, the White House issued Executive Order 14028 on Improving the Nation\u2019s Cybersecurity, requiring US Federal Government organizations to take action to strengthen national cybersecurity.","og_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/","og_site_name":"Microsoft Security Blog","article_published_time":"2022-02-17T18:00:00+00:00","article_modified_time":"2025-06-20T12:26:29+00:00","og_image":[{"width":1200,"height":800,"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","type":"image\/jpeg"}],"author":"Joy Chik","twitter_card":"summary_large_image","twitter_image":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","twitter_misc":{"Written by":"Joy Chik","Est. reading time":"5 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#article","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/"},"author":[{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/joy-chik\/","@type":"Person","@name":"Joy Chik"}],"headline":"US Government sets forth Zero Trust architecture strategy and requirements","datePublished":"2022-02-17T18:00:00+00:00","dateModified":"2025-06-20T12:26:29+00:00","mainEntityOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/"},"wordCount":874,"publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","keywords":["Azure"],"articleSection":["Cybersecurity","Cybersecurity policy","Zero Trust"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/","name":"US Government sets forth Zero Trust architecture strategy and requirements | Microsoft Security Blog","isPartOf":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage"},"thumbnailUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","datePublished":"2022-02-17T18:00:00+00:00","dateModified":"2025-06-20T12:26:29+00:00","breadcrumb":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#primaryimage","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2022\/02\/CLO22_SecOps_014.jpg","width":1200,"height":800,"caption":"C I S O collaborating with practitioners in a security operations center."},{"@type":"BreadcrumbList","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/2022\/02\/17\/us-government-sets-forth-zero-trust-architecture-strategy-and-requirements\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/"},{"@type":"ListItem","position":2,"name":"US Government sets forth Zero Trust architecture strategy and requirements"}]},{"@type":"WebSite","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#website","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","name":"Microsoft Security Blog","description":"Expert coverage of cybersecurity topics","publisher":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#organization","name":"Microsoft Security Blog","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","contentUrl":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-content\/uploads\/2018\/08\/cropped-cropped-microsoft_logo_element.png","width":512,"height":512,"caption":"Microsoft Security Blog"},"image":{"@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/#\/schema\/person\/dce7a42a3a4e63a3350e523c420a4ad1","name":"Emma Jones","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=gd8de7ce2349693784c52e03d78a1422c","url":"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/d34f702c8adc55c90905670a2ca63f412e583f0733513a580f9fbe70cf12fe2d?s=96&d=microsoft&r=g","caption":"Emma Jones"},"url":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/author\/v-coujones\/"}]}},"bloginabox_animated_featured_image":null,"bloginabox_display_generated_audio":false,"distributor_meta":false,"distributor_terms":false,"distributor_media":false,"distributor_original_site_name":"Microsoft Security Blog","distributor_original_site_url":"https:\/\/www.microsoft.com\/en-us\/security\/blog","push-errors":false,"_links":{"self":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/106797","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/users\/106"}],"replies":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/comments?post=106797"}],"version-history":[{"count":1,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/106797\/revisions"}],"predecessor-version":[{"id":139769,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/posts\/106797\/revisions\/139769"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media\/106842"}],"wp:attachment":[{"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/media?parent=106797"}],"wp:term":[{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/post_tag?post=106797"},{"taxonomy":"threat-intelligence","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/threat-intelligence?post=106797"},{"taxonomy":"content-type","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/content-type?post=106797"},{"taxonomy":"job-role","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/job-role?post=106797"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/product?post=106797"},{"taxonomy":"topic","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/topic?post=106797"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/www.microsoft.com\/en-us\/security\/blog\/wp-json\/wp\/v2\/coauthors?post=106797"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}