b'and can be queried by outside controls is critical. The depth and breadth of data sources with zero trust architectures become much larger. We need to have a data structure that can support that. Davon Tyler: The first step is educating themselves on what zero There are many trust really is . then look at the department level to see if theresanother agency or bureau that has implemented it already. Talk to ways that agenciespeers inside of the department or externally to really understand what theyve done and gain those lessons learned. I think the other can begin their piece is creating that plan that starts with that crawl, walk, run. Look respective zero trustat the plan, take small steps, identify applications and systems that you can implement zero trust on today. I think the other piece is journeys, and anworking with vendors to identify components that you may already have, that already support zero trust. In some cases, you dont have equal number, if notto go out there and buy something new, you probably already have a product that will support it. greater number ofBrian Gattoni: Its important to note that there are many ways that paths to complete it.agencies can begin their respective zero trust journeys, and an equal number, if not greater number of paths to complete it.Theres no - Brian Gattoni single way for an individual entity or agency to begin a zero trustjourney. Theres no prescriptive timeline that worked in all cases. For a lot of agencies, its going to come down to us starting small. Dont try to boil the ocean all at once and remain agile. Youre going to need a high level champion whos committed to breaking down the barriers and ensuring clearcommunication at all levels. Its going to be as much of a culture shift as anything, and its going to require coordination between your infrastructure, engineering, security, andimplementation teams. Its going to require sustained commitment and investment over time. Its a big deal. So I encourage industry to develop innovative technologies that help several departments and agencies as they begin their journey to adopt zero trust.Zero Trust Security Model The Zero Trust security model is a coordinated system managementstrategy that assumes breaches are inevitable or have already occurred. 4Zero Trust requires all users, whether in or outside an organizationsnetwork, to be authenticated, authorized, and continuously validated forsecurity configuration and posture before being granted or keepingaccess to applications and data. 54 https://us-ce rt.cisa.gov/ncas/current-activity/2021/02/26/ns-areleases-guidance-zero-trust-security-model5 https://www.crowdstrikecom/cybersecurity-101/zero-trust-security/Government Business Council Securing the Nations Network|Page 4'