Zscaler Cloud Security for Government
Enabling zero trust cloud transformation in alignment with executive orders from President Biden and CISA
To keep up with dynamic and increasingly sophisticated cyberthreats, the White House published an executive order on cloud security and zero trust in 2021:
[T]he Federal Government must take decisive steps to modernize its approach to cybersecurity, including by increasing the Federal Government’s visibility into threats, while protecting privacy and civil liberties. The Federal Government must adopt security best practices; advance toward Zero Trust Architecture; accelerate movement to secure cloud services, including Software as a Service (SaaS), Infrastructure as a Service (IaaS), and Platform as a Service (PaaS); centralize and streamline access to cybersecurity data to drive analytics for identifying and managing cybersecurity risks; and invest in both technology and personnel to match these modernization goals.
Zscaler helps agencies achieve the goals of the Executive Order
The Zscaler Government Cloud provides agencies with secure access to the internet and cloud applications, supporting guidance from CISA, DISA, NIST, and TIC 3.0.
It helps agencies improve security, reduce costs and complexity, and deliver a better user experience.
Principles of zero trust for cloud security from the NSA
Never trust, always verify
Treat every user, device, application/workload, and data flow as untrusted. Authenticate and explicitly authorize each to the least privilege required using dynamic security policies.
Assume breach
Consciously operate and defend resources with the assumption that an adversary already has presence within the environment. Deny by default and heavily scrutinize all users, devices, data flows, and requests for access. Log, inspect, and continuously monitor all configuration changes, resource accesses, and network traffic for suspicious activity.
Verify explicitly
Access to all resources should be conducted in a consistent and secure manner using multiple attributes (dynamic and static) to derive confidence levels for contextual access decisions to resources.
Stop threats, eliminate data loss, and simplify policy creation with cloud native zero trust
Connect a user to an app, not a network
Accelerate policy-making and simplify microsegmentation: automatically create user and app policies via APIs, and auto-segment app workloads with machine learning.
Zero attack surface
Make apps invisible and accessible only by authorized users via the Zscaler Zero Trust Exchange™—unlike traditional firewalls that expose your apps to the open internet.
Proxy architecture, not passthrough
Perform full content inspection, even on TLS/SSL traffic, for effective threat protection and data loss prevention beyond the limits of next-gen firewalls.
Zscaler enables agencies to adhere to all NIST zero trust guidelines
- All data sources and computing services need to be considered resources.
- All communication needs to be secured regardless of network location.
- Access to individual enterprise resources is granted on a per-session basis.
- Access to resources is determined by dynamic policy—including the observable state of client identity, application, and the requesting asset—and may include other behavioral attributes.
- The enterprise ensures that all owned and associated devices are in the most secure state possible, and monitors assets to ensure that they remain in the most secure state possible.
- All resource authentication and authorization are dynamic and strictly enforced before access is allowed.
Zscaler meets the highest standards of government compliance with key certifications
Experience the power of the Zscaler Zero Trust Exchange
A comprehensive cloud platform eliminates point products and reduces operational overhead.
01 Cyberthreat Protection
Holistic approach to securing users, workloads, and devices
02 Data Protection
Full TLS/SSL inspection at scale for complete data protection across the SSE platform
03 Zero Trust Connectivity
Connect to apps, not networks, to prevent lateral movement with ZTNA
04 Digital Experience Management
Identify and resolve performance issues