Zscaler Cloud Security for Government

Enabling zero trust cloud transformation in alignment with executive orders from President Biden and CISA.

The White House executive order on improving the nation's cybersecurity (Executive Order 14028) directs agencies toward secure cloud services and zero trust architecture:

To keep pace with today’s dynamic and increasingly sophisticated cyber threat environment, the Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.

Zscaler helps agencies achieve the target goals of the Executive Order

The Zscaler Government Cloud provides agencies with secure access to the internet and cloud applications, supporting guidance from CISA, DISA, NIST, and TIC 3.0.

It helps agencies improve security, reduce cost and complexity, and deliver a better user experience.

Principles of zero trust for cloud security from the NSA

Never trust, always verify

Treat every user, device, application/workload, and data flow as untrusted. Authenticate and explicitly authorize each to the least privilege required using dynamic security policies.

Assume breach

Consciously operate and defend resources with the assumption that an adversary already has presence within the environment. Deny by default and heavily scrutinize all users, devices, data flows, and requests for access. Log, inspect, and continuously monitor all configuration changes, resource accesses, and network traffic for suspicious activity.

Verify explicitly

Access to every resource should be granted in a consistent and secure manner, using multiple attributes (dynamic and static) to derive a confidence level that drives a contextual access decision.

Zscaler’s industry-leading approach

The Zscaler Zero Trust Exchange uniquely enables agencies to achieve cloud-native zero trust, protect against threats and data loss, and simplify policy creation.

Connect a user to an app, not a network

New APIs automatically create policies for apps and users, while machine learning allows for auto-segmentation of application workloads. These innovations accelerate policy-making and simplify microsegmentation.

Zero attack surface

Traditional firewalls publish your apps on the internet so they can be found by users—but also by bad actors. The Zero Trust Exchange makes apps invisible and accessible only by authorized users.

Proxy architecture, not passthrough

Unlike a next-gen firewall that passes packets through, a proxy architecture terminates each connection and is designed for full content inspection, including SSL/TLS-encrypted traffic, which is what effective cyberthreat protection and data loss prevention depend on.

Zscaler enables agencies to adhere to the zero trust tenets published by NIST in SP 800-207, including:

  • All data sources and computing services need to be considered resources.
  • All communication needs to be secured regardless of network location.
  • Access to individual enterprise resources is granted on a per-session basis.
  • Access to resources is determined by dynamic policy—including the observable state of client identity, application, and the requesting asset—and may include other behavioral attributes.
  • The enterprise ensures that all owned and associated devices are in the most secure state possible, and monitors assets to ensure that they remain in the most secure state possible.
  • All resource authentication and authorization are dynamic and strictly enforced before access is allowed.

Meeting the highest standards of government compliance

Key certifications

FedRAMP Logo

Zscaler Private Access holds a Federal Risk and Authorization Management Program (FedRAMP) High Authority to Operate (ATO). Zscaler Internet Access holds a FedRAMP Moderate ATO and is listed as "In Process" for a High ATO.

Service Organization Control (SOC) 2, Type II Certification

Zscaler has received a Service Organization Control (SOC) 2, Type II report, an independent validation that Zscaler's security controls operate in accordance with the American Institute of Certified Public Accountants' applicable Trust Services Principles and Criteria.

ISO 27001 Certified

The Zscaler Cloud Security Platform is certified against the ISO 27001 information security standard for its cloud services and operations.

ISO 27018 Certified

The Zscaler Cloud Security Platform is certified against ISO 27018, the code of practice for protecting personal data in public clouds.

FIPS 140-2 Cryptography Certification

Zscaler is compliant with Federal Information Processing Standard (FIPS) 140-2, meeting NIST requirements for cryptographic modules.

Criminal Justice Information Services

Zscaler maintains compliance with the Criminal Justice Information Services (CJIS) Security Policy, ensuring that criminal justice information is protected as the policy requires.

Suggested Resources

  • Solution brief: Zscaler Government Security
  • Solution brief: TIC 3.0 Solution Brief
  • Report: Securing Remote Access to Agency Applications
  • Report: Defending Government Against Ransomware Attacks