US National Security Agency (NSA) / Zero Trust Implementation Guidelines (ZIGs) Released Phase One and Phase Two guidance for zero trust maturity for Published on 2026-02-02 152
Public Sector Action
Summary
Hide ▲
Show ▼
The US National Security Agency (NSA) released Zero Trust Implementation Guidelines (ZIGs) to help organizations move toward target-level zero trust maturity. The guidance introduces Phase One and Phase Two, giving the US Department of War and broader US government stakeholders a phased path instead of a fixed roadmap. It lays out required activities, dependencies, and outcomes while allowing implementation to be tailored to operational needs. The release matters because it formalizes a modular federal zero-trust framework for government cyber defense.
Related Happenings
CISA joint Zero Trust OT guide
Public Sector Action
First: 29.04.2026 15:00
Last: 29.04.2026 15:00
Sources 1
About this happening:
CISA and U.S. partners **published** a joint guide to help **OT owners and operators** apply **Zero Trust** to **operational technology environments**, giving government and infra...
CISA joint Zero Trust OT guide
Public Sector ActionAbout this happening: CISA and U.S. partners **published** a joint guide to help **OT owners and operators** apply **Zero Trust** to **operational technology environments**, giving government and infra...
CISA publishes Be Air Aware guidance for UAS threats
Public Sector Action
First: 11.02.2026 14:00
Last: 11.02.2026 14:00
Sources 1
About this happening:
CISA published the **Be Air Aware™** guidance suite, giving organizations a federal playbook for **Unmanned Aircraft System Threats**. The guides were issued in **November** after...
CISA publishes Be Air Aware guidance for UAS threats
Public Sector ActionAbout this happening: CISA published the **Be Air Aware™** guidance suite, giving organizations a federal playbook for **Unmanned Aircraft System Threats**. The guides were issued in **November** after...
CISA end-of-support edge device decommissioning mandate (BOD 26-02)
Advisory/Mitigation
First: 06.02.2026 10:41
Last: 06.02.2026 10:41
Sources 1
About this happening:
CISA's **BOD 26-02** now forces **U.S. federal agencies** to inventory, decommission, and replace **end-of-support edge devices** that no longer receive security updates. The dire...
CISA end-of-support edge device decommissioning mandate (BOD 26-02)
Advisory/MitigationAbout this happening: CISA's **BOD 26-02** now forces **U.S. federal agencies** to inventory, decommission, and replace **end-of-support edge devices** that no longer receive security updates. The dire...
CISA orders federal agencies to remediate end-of-support edge devices
Public Sector Action
First: 05.02.2026 14:00
Last: 05.02.2026 14:00
Sources 1
About this happening:
**CISA** issued **Binding Operational Directive 26-02** to require **FCEB agencies** to inventory, update, and remove **end-of-support edge devices** within a specified timeframe....
CISA orders federal agencies to remediate end-of-support edge devices
Public Sector ActionAbout this happening: **CISA** issued **Binding Operational Directive 26-02** to require **FCEB agencies** to inventory, update, and remove **end-of-support edge devices** within a specified timeframe....
M-26-05 Rescinded prior federal software security memorandums for On Jan. 23 2026
Public Sector Action
First: 30.01.2026 00:25
Last: 30.01.2026 00:25
Sources 1
About this happening:
**OMB** issued **M-26-05** on **Jan. 23, 2026**, rescinding prior federal software security memorandums and removing the expectation that agencies require **SBOMs** and software *...
M-26-05 Rescinded prior federal software security memorandums for On Jan. 23 2026
Public Sector ActionAbout this happening: **OMB** issued **M-26-05** on **Jan. 23, 2026**, rescinding prior federal software security memorandums and removing the expectation that agencies require **SBOMs** and software *...
Timeline
-
02.02.2026 18:05 2 articles · 3mo ago
NSA releases phased Zero Trust Implementation Guidelines
Initial DisclosureThe US National Security Agency (NSA) released Zero Trust Implementation Guidelines (ZIGs) for the US Department of War (DoW) and broader US government cybersecurity strategy, introducing Phase One and Phase Two to move organizations from Discovery to target-level zero trust maturity. Phase One defines 36 activities supporting 30 zero trust capabilities, and Phase Two adds 41 activities enabling 34 additional capabilities across component environments.
Show sources
- NSA Publishes New Zero Trust Implementation Guidelines — www.infosecurity-magazine.com — 02.02.2026 18:05
- NSA Publishes New Zero Trust Implementation Guidelines — www.infosecurity-magazine.com — 02.02.2026 18:05
-
02.02.2026 18:05 1 articles · 3mo ago
Zero trust guidance emphasizes continuous evaluation after login
Technical Analysis UpdateBrian Soby of AppOmni said zero trust should be treated as an operating model rather than a product and argued that policy decisions must be continuously evaluated as conditions change. The guidance stresses that continuous evaluation has to happen after login, not just at login, warns that many successful attacks occur post-authentication, and cautions that zero trust network access alone is insufficient without visibility into application policy decision points.
Show sources
- NSA Publishes New Zero Trust Implementation Guidelines — www.infosecurity-magazine.com — 02.02.2026 18:05