Zero Trust Architecture
Supporting your agency's zero trust journey
Zero trust is an approach to cybersecurity that goes beyond "trust but verify" and treats all networks and traffic as potential threats.
A Zero Trust Architecture helps agencies build zero trust principles into industrial and enterprise infrastructure and workflows.
There is no single technology, product, or service that can achieve the goals of implementing a ZTA. A truly effective ZTA incorporates technologies that:
- Authenticate, monitor, and validate user identities and trustworthiness.
- Identify, monitor, and manage devices and other endpoints on a network.
- Control and manage access to and data flows within networks.
- Secure and accredit applications within a technology stack.
- Automate security monitoring and connect tools across information systems.
- Analyze user behavior and other data to observe real-time events and proactively orient network defenses.
- Support IPv4 and IPv6.
Each agency's journey and solution will be unique, and GSA is here to help. Our Zero Trust buyer's guide [PDF - 2 MB] helps agencies identify the contract vehicles that offer ZTA-related products and services.
Buying ZTA solutions
Ransomware attacks, remote working environments, and the transition to cloud networks have driven the need to protect data from internal and external threats. We have secure solutions to help you meet your mission and your security requirements.
Our buyer's guide [PDF - 2 MB] is your agency's roadmap to designing and deploying ZTA, and maps the components defined by NIST to the GSA solutions that help meet them. We offer a variety of ZTA solutions across contract vehicles.
Our Advanced Persistent Threat Buyer's Guide [PDF - 693 KB] helps organizations evaluate potential products and solutions that detect, respond to, and recover from APTs. It provides guidance on engaging capable, proven industry partners to minimize APTs and enhance the overall resilience of the nation's cybersecurity.
Multiple Award Schedule
Buy on Schedule for commercial-off-the-shelf products and services. Options include:
- IT Security to help your agency enhance security, improve resilience, protect important information, and bring systems up to date.
- IT Hardware for one-off hardware purchases or as part of a total IT solution.
- IT Software for reduced cost and complexity when buying commercial software for your agency.
- A broad portfolio of Best-in-Class Wireless Mobility Solutions
Governmentwide Acquisition Contracts
Buy on GWACs for savings per unit.
Enterprise Infrastructure Solutions
Buy on EIS for a comprehensive IT, telecommunications, and infrastructure solution.
- Executive Order 14028 - "Improving the Nation's Cybersecurity" requires agencies to enhance cybersecurity and software supply chain integrity to ensure information technology (IT) and operational technology (OT) systems (whether cloud-based, on-premises or hybrid) are secure.
- Office of Management and Budget Memo M-22-09, "Moving the U.S. Government Toward Zero Trust Cybersecurity Principles" provides agencies further guidance to achieve specific zero trust security goals by the end of Fiscal Year (FY) 2024.
- National Institute of Standards and Technology Special Publication 800-207 contains cybersecurity measures and guidelines highlighting the ZTA core components.