The next phase of zero trust: From recognizing known threats to stopping threats

https://federalnewsnetwork.com/commentary/2026/05/the-next-phase-of-zero-trust-from-recognizing-known-threats-to-stopping-threats/

Publish Date: 2026-05-13 17:01:00

Source Domain: federalnewsnetwork.com

Zero trust, as articulated in the Federal Zero Trust Strategy (M-22-09), was not just a technical strategy. It was a governance intervention, and importantly, one backed by dedicated funding for execution.

It forced a long-overdue shift in federal cybersecurity thinking, from perimeter-based trust to continuous verification, and translated that shift into measurable objectives. By anchoring progress to specific capabilities such as phishing-resistant multi-factor authentication (MFA) and endpoint detection and response, M-22-09 created a common goal across agencies and introduced accountability into a historically fragmented security landscape.

But the success of the Federal Zero Trust Strategy also revealed its primary limitation: It optimized federal cybersecurity around the identification and management of known threats and hunting of unknown threats in an environment where adversaries are increasingly acting with novelty, speed and unpredictability.

When measurement becomes the ceiling

M-22-09 deliberately translated strategic principles into named controls because measurement was essential to progress. Agencies could report, the Office of Management and Budget could assess, and Congress could oversee whether agencies had implemented crucial security guardrails, such as phishing-resistant MFA, endpoint detection and response, vulnerability disclosure policies and others — enabling coordinated action across the federal enterprise.

Meanwhile, adversaries continued shifting toward techniques that evade static controls, including identity abuse, software supply chain compromise and automation-driven intrusion. But agencies remained incentivized to meet these measurable zero trust goals.

The next phase of zero trust

For these reasons, the next phase of zero trust should be grounded in a simple but impactful shift: Federal cybersecurity must prioritize stopping threats, not incrementally…
