CISA Publishes Applying Zero Trust Principles to Enterprise Mobility

CISA Publishes Applying Zero Trust Principles to Enterprise Mobility


As the nation’s cyber defense agency, CISA has published Applying Zero Trust Principles to Enterprise Mobility, a new resource intended to guide federal civilian agencies and other organizations with incorporating zero trust (ZT) goals as they develop and implement their enterprise mobility cybersecurity.

This new publication highlights the need for special consideration for mobile devices and associated enterprise security management capabilities due to their technological evolution and ubiquitous use. The paper further presents architectural frameworks, principles, and capabilities to attain a ZT level set by the adopting organization. It then maps mobile security approaches into ZT principles that an organization can use to align its current mobile security capabilities with a ZT approach.

In addition to the zero trust mapping tables, this new resource provides proposed next steps such as:

  • Organizations should develop a strategy and their own ZT roadmap consistent with their mission and business needs and in response to OMB’s ZT strategy and timeline.
  • Organizations should conduct risk assessments against organization-specific ZT goals to develop formalized approaches for technical changes as well as personnel policies and processes for the mitigation of residual risks.
  • Organizational policies should specify granularity of continuous authentication and standards for mobile device health assessments.

We are also requesting public comment to ensure our guidance enables the best visibility, flexibility, and security. The deadline for providing comment on the CISA zero trust mobility paper is April 20, 2022, and they should be submitted to:

Your support to amplify this advisory through your communications and social media channels is appreciated. And as always, thank you for your continued collaboration.


Steve Lyddon
Protective Security Advisor, Region 5, Illinois
Cybersecurity and Infrastructure Security Agency
U.S. Department of Homeland Security
Cell:  217-299-3954 |