“John Simms, a senior technical advisor for the Office of the Chief Technology Officer at CISA, explained that one major misconception many have about the zero trust model is the notion that an agency cannot trust its users or workforce.
‘This is a marketing problem we seem to continue to have. Zero trust gives your users and employees the impression that they’re not trusted, but in fact, zero trust supports secure information sharing,’ Simms said during a virtual event on March 28 hosted by GovExec. ‘Just because there’s no assumed or implied trust doesn’t mean there’s no trust. Instead, there’s explicitly justified and appropriately granted trust.’...”
“‘Moving to zero trust involves implementing tools that support just-in-time privilege elevation and time-bound access. But it also involves large-scale cultural change that starts at the top. The zero trust mindset needs to be company-wide. Adoption should involve everyone, not just the security team,’ Simms said.
Cultivating a zero trust framework also requires buy-in from executive leadership all the way down to identity and security practitioners. Previously, Simms added, security for an agency was handled by a single team, but he said that approach no longer works...” Read the full article here.
Source: CISA Official: Zero Trust Can Snag on Misconceptions – By Lisbeth Perez, April 1, 2022. MeriTalk.