U.S. mandates for Zero Trust architecture (ZTA) have continued to evolve since 2020, signaling a broad shift in how U.S. federal networks are secured. Agencies have needed to move away from traditional, perimeter-based architectures and legacy firewall setups — in which users, once authenticated, are often granted broad network access — toward a principle of “Never trust, always verify.”
With the proliferation of artificial intelligence (AI), threat conditions, vulnerabilities, and cyberthreats like phishing and malware not only persist but also have grown significantly more complex.
Common mandates
Some of the more common U.S. mandates include:
The National Institute of Standards and Technology (NIST) SP 800-207: Zero Trust Architecture (2020) — Establishes the conceptual foundation for ZTA
The President’s Executive Order (EO) 14028: Improving the Nation’s Cybersecurity (2021) — Calls on the federal government to “improve its efforts to identify, deter, protect against, detect, and respond to” sophisticated and malicious cyber campaigns
Cybersecurity and Infrastructure Security Agency (CISA) Zero Trust Maturity Model v2.0 (2022) — Outlines key capability pillars and maturity stages
Department of Defense (DoD) Zero Trust Reference Architecture v2.0 (2022) — Tailors Zero Trust principles to mission-critical and defense environments
NSA implementation guides
To implement these policy changes, the National Security Agency (NSA), in its role as National Manager (NM) for the U.S. National Security System (NSS), developed a series of Zero Trust Implementation Guidelines (ZIGs) to provide a roadmap for security teams and federal agencies to fully implement Zero Trust architectures.
The ZIG structure is derived from the DoD Zero Trust Reference Architecture’s seven Zero Trust pillars (User, Device, Application and Workload, Data, Network/Environment, Automation and Orchestration, and Visibility and Analytics).
These pillars are delivered across five phases of implementation: Discovery, Phase One, Phase Two (target-level phases), Phase Three, and Phase Four (advanced level). Within these phases are 152 unique activities: 91 target-level (foundational) and 61 advanced-level steps to fully implement an advanced ZTA.
Akamai: A trusted ZTA provider
Akamai is a trusted global leader that is setting the standard for cybersecurity excellence with a Zero Trust security and microsegmentation platform that delivers a comprehensive enforcement layer across all seven Zero Trust pillars. Akamai’s Zero Trust Network Access (ZTNA) capabilities and overall Zero Trust approach align with — and often exceed — NSA guidance. With deep experience within federal civilian agencies and the Department of War (DoW), Akamai remains a trusted cornerstone of cyberdefense.
Akamai's strength: Comprehensive Zero Trust framework
Akamai provides a comprehensive, layered Zero Trust solution that applies continuous authentication and continuous authorization across all origins — cloud, on-premises, mobile, etc. We distinguish ourselves by ensuring comprehensive protection through deep integrations with our customers, and with leading identity, endpoint, and security operations platforms. This positions Akamai to support agencies operating at higher impact levels, including those with mission-critical and national security requirements.
The following table summarizes our Zero Trust solutions’ alignment with the DoD Zero Trust Reference Architecture’s seven pillars:
| Zero Trust pillar | Pillar description | Akamai solutions | Strength and positioning |
|---|---|---|---|
| Network/Environment | Granular network segmentation and control: Segment, isolate, and control (physically and logically) the network environment with granular policy and access controls. | | VERY strong (industry-leading microsegmentation): Delivers industry-leading microsegmentation with deep visibility into application dependencies and east-west (i.e., lateral server-to-server) traffic. Enables granular, policy-driven isolation of workloads and systems, forming a critical foundation for Zero Trust network control and protection against ransomware, lateral movement, and data exfiltration. |
| Visibility and Analytics | Continuous visibility and intelligent analysis: Analyze events, activities, and behaviors to derive context and apply AI/ML. Achieve a highly personalized model that improves detection and reaction time in making real-time access decisions. | Akamai Guardicore Segmentation and third-party integrations (Elastic, Splunk, Sentinel, and others) | VERY strong (integrated visibility and analytics) |
| Data | Secure data access and protection: Data transparency and visibility is enabled and secured by enterprise infrastructure, applications, standards, robust end-to-end encryption, and data tagging. | Akamai Guardicore Segmentation and Enterprise Application Access | VERY strong (layered access control): Combines identity-aware access management with workload segmentation to tightly control how users and systems interact with sensitive data, significantly reducing the risk of unauthorized access through layered Zero Trust enforcement. |
| Device | Device trust and posture validation: Understand the health and status of devices to inform risk decisions. Real-time inspection, assessment and patching informs every access request. | Enterprise Application Access and partner integrations | Strong (device-aware access via integration): Enables device-aware access decisions by incorporating posture and risk signals from endpoint security and management platforms, helping organizations enforce secure access based on device trust and compliance. Supports hybrid and multicloud environments. |
| Automation and Orchestration | Automated policy enforcement and response: Automate security response based on defined processes and security policies enabled by AI; e.g., blocking actions or forcing remediation based on intelligent decisions. | Akamai’s security operations center, platform APIs | Strong (ecosystem-driven automation): Integrates seamlessly with enterprise security orchestration and response tools, enabling automated policy enforcement and coordinated response actions across the ZTA. |
| Application and Workload | Application and workload protection: Secure everything from applications to hypervisors, including containers and virtual machines. | App & API Protector and Akamai Guardicore Segmentation | VERY strong (industry-leading application and API protection): Protects modern applications and APIs while extending Zero Trust principles across workloads. Combines advanced API security with microsegmentation to reduce attack surface and enforce least-privilege access and communication. |
| User | Identity-driven access control: Continually authenticate, assess, and monitor user activity patterns to govern users’ access and privileges while protecting and securing all interactions. | | VERY strong (identity-driven access control): Delivers secure, identity-driven access to applications, enabling continuous authentication via MFA and context-aware access decisions across users, devices, and locations. |
Akamai’s alignment with the DoD Zero Trust Reference Architecture’s seven Zero Trust pillars
Compliance as a competitive edge: FedRAMP and defense alignment
Akamai’s Zero Trust capabilities are backed by our rapidly expanding portfolio of federal security authorizations. Akamai is actively pursuing the highest level of federal security compliance, including FedRAMP High authorization for its key Zero Trust products and GovRAMP certification.
Akamai is currently pursuing FedRAMP High authorization for Akamai Cloud, meeting the strictest security baselines for mission-critical systems. This effort extends to Enterprise Application Access and Akamai Guardicore Segmentation, bringing high-level compliance to microsegmentation and east-west traffic enforcement. For more details, visit the Akamai Trust Center.
Akamai’s Zero Trust and cloud capabilities are being aligned to support evolving DoW security frameworks, including high assurance environments and emerging certification models. Through continued investment in compliance and architecture, Akamai is building a portfolio designed to operate within the most demanding federal and defense environments.
Partnering with Akamai for a Zero Trust future
With Akamai’s ZTNA security solutions, agencies can operationalize the principles outlined in the NSA Zero Trust Implementation Guide and deliver a comprehensive enforcement layer across all seven pillars in the DoD Zero Trust Reference Architecture. From identity-driven access and device-aware policies to microsegmentation and application protection, Akamai provides the core capabilities required for seamlessly implementing ZTAs with existing federal security ecosystems.
Ready to accelerate your Zero Trust journey?
To learn how Akamai can support your organization’s alignment with the NSA Zero Trust framework and federal compliance requirements, contact our team to start the conversation.