Background and Challenge
When leaders of one federal civilian agency decided to adopt a Zero Trust Architecture (ZTA) framework for cybersecurity, they understood the need to comply with an array of executive orders, Office of Management and Budget (OMB) memoranda, and other evolving guidance. They also knew their ZTA solution must support, not disrupt, the mission of delivering uninterrupted citizen services.
To ensure cyber resilience, the agency would need to align its technologies, tools, processes, and organizational behaviors into a common Zero Trust approach. The new framework needed to be strong enough to disrupt cyber adversaries yet flexible enough to comply with existing and new regulations.
For the complex, multi-year transformation, leaders wanted an expert partner to guide the journey, so agency personnel could focus on mission delivery. They selected ShorePoint to provide:
- ZTA implementation, integration, and modernization services
- Stakeholder engagement/customer experience services
- Security development and operations support
- ZTA advisory support
- Information systems security training and support
- Program Management Office (PMO) support
Solution and Benefits
ShorePoint adopted a technical approach to the ZTA Program that recognized the importance of collaborative stakeholder engagement. Designed to drive adoption and alignment that improves the agency’s organizational risk posture and ensures regulatory compliance, the approach is anchored in ISO-certified quality and service management processes that are aligned to existing agency standards and procedures.
The company selected experienced and highly skilled architecture, engineering, and policy professionals to create and lead working groups. Within the first month, there were 12 working groups actively engaging stakeholders, establishing processes, managing tasks and timelines, and routinely reporting to stakeholders. Early on, the groups facilitated a series of audits and assessments to understand and document the current-state capabilities across ZT pillars. They also captured stakeholder needs and concerns — including the agency’s Technology Modernization Fund (TMF) milestones.
ShorePoint also established the agency’s first ZTA PMO as the centralized office to guide and direct ZT progress. The ZTA PMO created a common vision of success through stakeholder collaboration and served as the central point for questions, answers, and clarifications from all internal and external stakeholders.
Using its understanding of what existed in the customer’s environment and where the technology, resources, and knowledge gaps resided, ShorePoint then used its unique ZTA Control Overlay to map the customer’s ZTA Strategy, incorporating:
- ZTA pillars, capabilities, and maturity model
- Systems implementing ZTA capabilities
- NIST, OMB, CISA, and executive ZTA guidelines
- Department/agency policies
Against the backdrop of the ZTA Overlay, the team created a roadmap for system, policy, process, and reporting modernization — with defined maturity levels to measure progress against goals.
By the end of the first year, ShorePoint supported the agency in becoming a federal leader in Zero Trust Architecture implementation, with:
- The agency’s first ZTA Service Catalog, for anyone within the agency to utilize for information, guidance, and tools relevant to the organization’s ZT offerings
- The agency’s first ZTA Strategic Plan, a comprehensive yet flexible plan that defined yearly goals and helps prioritize and manage initiatives that will improve enterprise ZTA maturity
- 45% of systems behind a secure access service edge (SASE), exceeding the TMF first-year requirement of 35% — all while coming in under budget on the program
Moving Forward
Building on the ZTA Strategy and ZTA Overlay established in year one, ShorePoint continues to collaborate with the customer to build confidence across stakeholders, develop Zero Trust capability, and advance the agency’s ZT maturity. The foundation is laid to provide a pathway for the agency’s systems to reach “Advanced” and “Optimal” maturity by the end of the program.
