<html xmlns:v="urn:schemas-microsoft-com:vml" xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=us-ascii">
<meta name="Generator" content="Microsoft Word 15 (filtered medium)">
<!--[if !mso]><style>v\:* {behavior:url(#default#VML);}
o\:* {behavior:url(#default#VML);}
w\:* {behavior:url(#default#VML);}
.shape {behavior:url(#default#VML);}
</style><![endif]--><style><!--
/* Font Definitions */
@font-face
{font-family:Wingdings;
panose-1:5 0 0 0 0 0 0 0 0 0;}
@font-face
{font-family:"Cambria Math";
panose-1:2 4 5 3 5 4 6 3 2 4;}
@font-face
{font-family:Calibri;
panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
{font-family:"Franklin Gothic Book";
panose-1:2 11 5 3 2 1 2 2 2 4;}
@font-face
{font-family:"Segoe UI";
panose-1:2 11 5 2 4 2 4 2 2 3;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
{margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
a:link, span.MsoHyperlink
{mso-style-priority:99;
color:blue;
text-decoration:underline;}
p.paragraph, li.paragraph, div.paragraph
{mso-style-name:paragraph;
margin:0in;
font-size:11.0pt;
font-family:"Calibri",sans-serif;}
span.normaltextrun
{mso-style-name:normaltextrun;}
span.eop
{mso-style-name:eop;}
.MsoChpDefault
{mso-style-type:export-only;
font-size:10.0pt;}
@page WordSection1
{size:8.5in 11.0in;
margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
{page:WordSection1;}
/* List Definitions */
@list l0
{mso-list-id:129594093;
mso-list-template-ids:-1837587782;}
@list l0:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l0:level2
{mso-level-number-format:bullet;
mso-level-text:o;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:"Courier New";
mso-bidi-font-family:"Times New Roman";}
@list l0:level3
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level4
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level5
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level6
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level7
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level8
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l0:level9
{mso-level-number-format:bullet;
mso-level-text:\F0A7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Wingdings;}
@list l1
{mso-list-id:186410955;
mso-list-template-ids:1150728560;}
@list l1:level1
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level2
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level3
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:1.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level4
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level5
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:2.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level6
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level7
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:3.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level8
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.0in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
@list l1:level9
{mso-level-number-format:bullet;
mso-level-text:\F0B7;
mso-level-tab-stop:4.5in;
mso-level-number-position:left;
text-indent:-.25in;
mso-ansi-font-size:10.0pt;
font-family:Symbol;}
ol
{margin-bottom:0in;}
ul
{margin-bottom:0in;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple" style="word-wrap:break-word">
<div class="WordSection1">
<p class="MsoNormal">FYSA<o:p></o:p></p>
<div>
<div>
<div>
<p class="paragraph" style="margin-right:3.0pt;background:white"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="paragraph" style="margin-right:31.5pt;background:white;font-kerning:none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">As the nation’s cyber defense agency, CISA has published
<i><a href="https://www.cisa.gov/zero-trust-maturity-model" title="https://www.cisa.gov/zero-trust-maturity-model">Applying Zero Trust Principles to Enterprise Mobility</a></i>, a new resource intended to guide federal civilian agencies and other organizations with
incorporating zero trust (ZT) goals as they develop and implement their enterprise mobility cybersecurity. </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin-right:31.5pt;background:white;font-kerning:none">
<span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="paragraph" style="margin-right:31.5pt;background:white;font-kerning:none">
<span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">This new publication highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their
technological evolution and ubiquitous use. The paper further presents architectural frameworks, principles, and capabilities to attain a ZT level set by the adopting organization. It then maps mobile security approaches into ZT principles that an organization
can use to align its current mobile security capabilities with a ZT approach.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="margin-right:31.5pt;background:white;font-kerning:none">
<span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p> </o:p></span></p>
</div>
<div>
<p class="paragraph" style="background:white;font-kerning:none"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">In addition to the zero trust mapping tables, this new resource provides proposed next steps
such as: </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</div>
<ul style="margin-top:0in" type="disc">
<li class="paragraph" style="mso-list:l0 level1 lfo3;background:white"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Organizations should develop a strategy and their own ZT roadmap consistent with their
mission and business needs and in response to OMB’s ZT strategy and timeline.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></li><li class="paragraph" style="mso-list:l0 level1 lfo3;background:white"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Organizations should conduct risk assessments against organization-specific ZT goals to
develop formalized approaches for technical changes as well as personnel policies and processes for the mitigation of residual risks.</span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></li><li class="paragraph" style="mso-list:l0 level1 lfo3;background:white"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">Organizational policies should specify granularity of continuous authentication and standards
for mobile device health assessments. </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-family:"Franklin Gothic Book",sans-serif"><o:p></o:p></span></li></ul>
<div>
<p class="paragraph" style="margin-left:.5in;background:white;font-kerning:none">
<span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
</div>
<div>
<p class="paragraph" style="background:white;font-kerning:none"><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black;background:white">We are also requesting
</span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"><a href="https://www.cisa.gov/zero-trust-maturity-model" target="_blank"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;background:white">public
comment</span></span></a></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black;background:white"> to ensure our guidance enables the best visibility, flexibility, and security. The deadline for providing
comment on the CISA zero trust mobility paper is April 20, 2022 and they should be su</span></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black">bmitted to:
</span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif;color:black"><a href="mailto:CyberLiaison@CISA.dhs.gov" target="_blank"><span class="normaltextrun"><span style="font-size:11.0pt;font-family:"Franklin Gothic Book",sans-serif;background:white">CyberLiaison@CISA.dhs.gov</span></span></a></span><span class="normaltextrun"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black;background:white">. </span></span><span class="eop"><span style="font-family:"Franklin Gothic Book",sans-serif;color:black"> </span></span><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p></o:p></span></p>
<p class="paragraph" style="background:white;font-kerning:none"><span style="font-size:9.0pt;font-family:"Segoe UI",sans-serif"><o:p> </o:p></span></p>
</div>
</div>
</div>
<p class="MsoNormal" style="font-kerning:none"><o:p> </o:p></p>
<p class="MsoNormal"><b><span style="color:#1F497D">Theresa A. Masse<o:p></o:p></span></b></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cyber Security Advisor, Region 10 (Oregon)
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Cybersecurity and Infrastructure Security Agency<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Department of Homeland Security<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Phone: (503) 930-5671
<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:10.0pt;color:#1F497D">Email:</span><span style="font-size:10.0pt;color:#777777">
</span><a href="mailto:theresa.masse@cisa.dhs.gov"><span style="font-size:10.0pt;color:#0563C1">theresa.masse@cisa.dhs.gov</span></a><u><span style="font-size:10.0pt;color:#0760C1"><o:p></o:p></span></u></p>
<p class="MsoNormal"><span style="color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><img border="0" width="97" height="97" style="width:1.0138in;height:1.0138in" id="Picture_x0020_1" src="cid:image001.png@01D831F9.91402EF0"><span style="color:#1F497D"><o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<p class="MsoNormal"><span style="font-size:12.0pt;color:black"><o:p> </o:p></span></p>
</div>
</body>
</html>