* [Blog](https://www2.paloaltonetworks.com/blog)
* [Palo Alto Networks](https://www2.paloaltonetworks.com/blog/corporate/)
* [Points of View](https://www2.paloaltonetworks.com/blog/category/points-of-view/)
* The Zero Trust Journey fo...

# The Zero Trust Journey for Federal Agencies: The Next Phase

[](https://www.facebook.com/sharer/sharer.php?u=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F08%2Fthe-zero-trust-journey-for-federal-agencies%2F)  
[](https://twitter.com/share?text=The+Zero+Trust+Journey+for+Federal+Agencies%3A+The+Next+Phase&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F08%2Fthe-zero-trust-journey-for-federal-agencies%2F)  
[](https://www.linkedin.com/shareArticle?mini=true&url=https%3A%2F%2Fwww2.paloaltonetworks.com%2Fblog%2F2022%2F08%2Fthe-zero-trust-journey-for-federal-agencies%2F&title=The+Zero+Trust+Journey+for+Federal+Agencies%3A+The+Next+Phase&summary=&source=)  
[](https://www.paloaltonetworks.com//www.reddit.com/submit?url=https://www2.paloaltonetworks.com/blog/2022/08/the-zero-trust-journey-for-federal-agencies/&ts=markdown)  
\[\](mailto:?subject=The Zero Trust Journey for Federal Agencies: The Next Phase)  
Link copied  
By [Drew Epperson](https://www.paloaltonetworks.com/blog/author/drew-epperson/?ts=markdown "Posts by Drew Epperson")  
Aug 24, 2022  
5 minutes  
[Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown)  
[Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown)  
[Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)  
[case study](https://www.paloaltonetworks.com/blog/tag/case-study/?ts=markdown)  
[Federal](https://www.paloaltonetworks.com/blog/tag/federal/?ts=markdown)  
[Zero Trust](https://www.paloaltonetworks.com/blog/tag/zero-trust/?ts=markdown)

Not long ago, federal agencies were wondering how and where to start on their Zero Trust journey. Now, we see many agencies well on their way and looking to accelerate their approach to meet the aggressive [M-22-09 implementation deadlines](https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf). More importantly, we are hearing from agency IT leaders who are seeking guidance on the best next steps to take with Zero Trust implementation, now that their organization's journey is underway.

We have three recommendations for federal agencies ready to move beyond the getting-started phase and toward full implementation with Zero Trust. These suggested next steps are based on our experience to date, helping agencies and departments in the federal government, as well as our own company, evolve into Zero Trust enterprises:

**1. Make the Move to ZTNA 2.0 for Secure Remote Access**

Many federal agencies are finding their[initial on-ramp to Zero Trust](https://www.linkedin.com/pulse/ztna-public-sector-palo-alto-networks-publicsector/?trackingId=LPFq8LyrWp%2FOwY2cR6sNQg%3D%3D) by implementing Zero Trust Network Access (ZTNA) for their remote and hybrid teams. ZTNA is a category of technologies that provides secure remote access to applications and services based on defined access control policies, and it offers a much better user experience than a virtual private network (VPN).

However, as explained[in a previous blog](https://www.paloaltonetworks.com/blog/2022/07/launch-an-effective-zero-trust-initiative/), ZTNA is only a component of Zero Trust. And, while first-generation ZTNA solutions have helped agencies to modernize their access infrastructure, they have serious limitations. The key issue is that once a user passes the initial authentication hurdle of a first-gen ZTNA solution, they're essentially free to roam anywhere inside an organization's network.

ZTNA's shortcomings inspired Palo Alto Networks to pioneer[ZTNA 2.0](https://www.paloaltonetworks.com/sase/ztna). This next-generation ZTNA solution addresses the deficiencies of traditional ZTNA approaches by connecting all users and apps with fine-grained access controls and providing behavior-based continuous trust verification after users connect. ZTNA 2.0 helps reduce the attack surface significantly while making the transition to a broader Zero Trust architecture easier.

ZTNA 2.0 also aligns well with federal government-related programs:

* Thunderdome, which is intended to provide the U.S. Department of Defense with a more secure operating environment through the adoption of a Zero Trust model.
* The Cybersecurity and Infrastructure Security Agency (CISA) Trusted Internet Connections (TIC) 3.0 guidance is designed to help agencies secure federal data, networks and boundaries.

Palo Alto Networks also[recently announced](https://www.paloaltonetworks.com/blog/2022/07/telemetry-sharing-capability-to-cisa-claw/) that Prisma Access and our Cortex Data Lake are now fully compatible with CISA's Cloud Log Aggregation Warehouse -- aka CLAW. That means departments and agencies using Cortex Data Lake can participate in EINSTEIN by sending logs and telemetry securely to CLAW.

**2. Embrace an Ecosystem Approach to Zero Trust**

There's a lot of buzz in the marketplace from vendors promising that they're a one-stop shop for all things Zero Trust. But, the reality is that no one company can do it all. By embracing an ecosystem approach, agencies can work with Palo Alto Networks to get what they need to enable Zero Trust through integrations with technology partners. For example, we don't provide identity and access management (IAM), which is a critical component of a comprehensive Zero Trust strategy. However, we *do* deliver IAM capabilities through our[integrations](https://technologypartners.paloaltonetworks.com/English/listing/okta) with leading providers that have the required federal compliance and certifications.

Our[Cloud Identity Engine](https://www.paloaltonetworks.com/resources/techbriefs/cloud-identity-engine) is also designed to work with leading identity providers to help organizations easily authenticate and authorize their users across enterprise networks, clouds and applications, irrespective of where their identity stores live.

**3. Leverage Automation to Manage Zero Trust Effectively**

Working with a tightly knit ecosystem of partners to enable a Zero Trust strategy can also help you to consolidate your agency's security tech stack significantly. But, you'll still need a way to unify analytics and responses. A platform and automation approach is the answer.

At Palo Alto Networks, we've used our own Zero Trust journey as an opportunity to consolidate tools and automate security. Our CISO, Niall Browne,[wrote about our experience earlier this year](https://www.paloaltonetworks.com/blog/2022/05/what-we-learned-on-our-zero-trust-journey/). He explained that using Palo Alto Networks Cortex XDR and our Cortex XSOAR platform dramatically reduces the number of daily security alerts that our security operations center (SOC) team needs to handle -- from 17 billion events to 467 alerts, to just 67 incidents requiring analysis on average. XSOAR automatically remediates 58 of those alerts, while the remaining nine are enriched with additional data and then triaged by SOC analysts. Again, that's 17 billion down to just *nine*.

Browne says, "We couldn't secure our own company effectively and move toward a true Zero Trust architecture without a comprehensive security orchestration, automation and response (SOAR) platform. Federal agencies that are much larger and more complex than our company will need to do the same for their organization to be able to manage security operations effectively. There is no other choice but to transform the SOC through automation"

While the benefits of SOAR are clear, it is commonly viewed as "nice to have" (even though a shift to SOAR is a vital step toward agencies meeting the mandate for Zero Trust). The Biden administration's[Executive Order on Improving the Nation's Cybersecurity](https://www.whitehouse.gov/briefing-room/presidential-actions/2021/05/12/executive-order-on-improving-the-nations-cybersecurity/) clearly states, "Zero Trust Architecture embeds comprehensive security monitoring; granular risk-based access controls; and system security automation in a coordinated manner throughout all aspects of the infrastructure in order to focus on protecting data in real-time within a dynamic threat environment." Additionally, the Defense Information Systems Agency (DISA) [Zero Trust Reference Architecture](<https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf>), as well as the Department of Homeland Security CISA [Zero Trust Maturity Model](https://www.cisa.gov/sites/default/files/publications/CISA%20Zero%20Trust%20Maturity%20Model_Draft.pdf), have detailed requirements specifically for SOAR.

## Ready to Take the Next Steps Toward Implementing Zero Trust?

The recommendations outlined above can help federal agencies and departments advance their Zero Trust journey. No matter how far your organization has progressed with Zero Trust, our [Professional Services team](https://www.paloaltonetworks.com/services/consulting) can help you meet your goals, including simplifying operations through automation and improving processes.

To find out where you are on the road to Zero Trust, complete this short [assessment](https://urldefense.com/v3/__https://platform.leadseed.io/bsa2public/qualification/performAssessment/builder/96d0f11d22107d1a8d5c7aee37ffdfa776bc033fd40658ed36c00aea3c4273db__;!!Mt_FR42WkD9csi9Y!ZxKSbT-lHEegUgTFRUNQqr3wIDiOgrdQEc4oIhSN8jsTv1iwD2qzMhXFYlxV9pjNqhlASjjkmjFMRSNK0XuDkbrXRRPK$) for a personalized report. Or, contact our [federal team](https://www.paloaltonetworks.com/industry/federal#public-sector-contact-form) to request a meeting.

*** ** * ** ***

## Related Blogs

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### How to Balance the Zero Trust Journey with the Speed of the Mission](https://www2.paloaltonetworks.com/blog/2022/06/balance-zero-trust-journey-with-the-speed-of-the-mission/)

### [Company \& Culture](https://www.paloaltonetworks.com/blog/category/company-culture/?ts=markdown), [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### The Zero Trust Enterprise --- What We Learned on Our Own Journey](https://www2.paloaltonetworks.com/blog/2022/05/what-we-learned-on-our-zero-trust-journey/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Choosing Which Federal Guidelines to Follow for Zero Trust](https://www2.paloaltonetworks.com/blog/2022/03/federal-guidelines-for-zero-trust/)

### [Points of View](https://www.paloaltonetworks.com/blog/category/points-of-view/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### The Federal Zero Trust Strategy](https://www2.paloaltonetworks.com/blog/2022/03/the-federal-zero-trust-strategy/)

### [Announcement](https://www.paloaltonetworks.com/blog/category/announcement/?ts=markdown), [Government](https://www.paloaltonetworks.com/blog/category/government/?ts=markdown), [Partner Integrations](https://www.paloaltonetworks.com/blog/sase/category/partner-integrations/?ts=markdown), [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Google Cloud, Partnered With Palo Alto Networks, Receives US Government Success Memo](https://www2.paloaltonetworks.com/blog/2021/07/us-diu-cloud-delivered-security/)

### [Products and Services](https://www.paloaltonetworks.com/blog/category/products-and-services/?ts=markdown), [Public Sector](https://www.paloaltonetworks.com/blog/category/public-sector/?ts=markdown)

[#### Zero Trust: The Key to a Hybrid Workforce](https://www2.paloaltonetworks.com/blog/2023/06/zero-trust-the-key-to-a-hybrid-workforce/)

### Subscribe to the Blog!

Sign up to receive must-read articles, Playbooks of the Week, new feature announcements, and more.
![spinner](https://www2.paloaltonetworks.com/blog/wp-content/themes/panwblog2023/dist/images/ajax-loader.gif) Sign up  
Please enter a valid email.  
By submitting this form, you agree to our [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) and acknowledge our [Privacy Statement](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown). Please look for a confirmation email from us. If you don't receive it in the next 10 minutes, please check your spam folder.  
This site is protected by reCAPTCHA and the Google [Privacy Policy](https://policies.google.com/privacy) and [Terms of Service](https://policies.google.com/terms) apply.  
{#footer} {#footer}

## Products and Services

* [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown)

* [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown)

* [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown)

* [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown)

* [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown)

* [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown)

* [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown)

* [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown)

* [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown)

* [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown)

* [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown)

* [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown)

* [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown)

* [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown)

* [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown)

* [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown)

* [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown)

* [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown)

* [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown)

* [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown)

* [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown)

* [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown)

* [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown)

* [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown)

* [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown)

* [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown)

* [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown)

* [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown)

* [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown)

* [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown)

* [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown)

* [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown)

* [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown)

* [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown)

* [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown)

* [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown)

* [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown)

* [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown)

* [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown)

* [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown)

* [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown)

* [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown)

* [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown)

## Company

* [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown)
* [Careers](https://jobs.paloaltonetworks.com/en/)
* [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown)
* [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown)
* [Customers](https://www.paloaltonetworks.com/customers?ts=markdown)
* [Investor Relations](https://investors.paloaltonetworks.com/)
* [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown)
* [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown)

## Popular Links

* [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown)
* [Communities](https://www.paloaltonetworks.com/communities?ts=markdown)
* [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown)
* [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown)
* [Event Center](https://events.paloaltonetworks.com/)
* [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center)
* [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown)
* [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown)
* [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown)
* [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown)
* [Tech Docs](https://docs.paloaltonetworks.com/)
* [Unit 42](https://unit42.paloaltonetworks.com/)
* [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd)
  ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)
* [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown)
* [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown)
* [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown)
* [Documents](https://www.paloaltonetworks.com/legal?ts=markdown)

Copyright © 2026 Palo Alto Networks. All Rights Reserved

* [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks)
* [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown)
* [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/)
* [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks)
* [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks)
* EN  
  Select your language