Executive Summary

The Securities and Exchange Commission (SEC) needed a comprehensive Zero Trust Identity and Device assessment in alignment with Executive Order 14028: Improving the Nation’s Cybersecurity. With 300+ applications, 7 High-Value Assets (HVAs), and 3 identity management products, the challenge was to identify Zero Trust gaps, develop a strategy, and create an implementation plan within a strict 7-month timeline. Zephon (working under Olympus Solutions and GDIT as a sub-contractor) not only met this deadline well ahead of schedule but also delivered a phased, prioritized roadmap to guide the SEC toward an Optimal Zero Trust maturity level.

Key Challenges

• Complex IT Ecosystem: 300+ applications and multiple identity management products

• High-Value Assets (HVAs): Critical systems requiring rigorous assessment

• Zero Trust Compliance: Aligning SEC’s security posture with CISA’s Zero Trust Maturity Model

  
  

Solution Delivered

Zephon applied subject matter expertise in Zero Trust and identity governance to:

• Conduct HVA Risk Assessments: Performed security evaluations, gap analysis, and risk mitigation strategies

• Assess Identity & Device Zero Trust Maturity: Mapped existing security controls against CISA’s Zero Trust Maturity Model

• Develop a Multi-Year Strategy: Created a prioritized implementation roadmap to guide SEC toward an Optimal maturity level

  
  

Results & Business Impact

• Early Project Completion: Delivered full Zero Trust assessment ahead of schedule

• Comprehensive HVA Reports: Provided security assessments with actionable recommendations

• Multi-Year Zero Trust Strategy: A phased, structured approach to reaching Optimal Zero Trust maturity

  
  

Why Zephon?

Zephon delivers pragmatic, hassle-free cybersecurity solutions that help federal agencies accelerate Zero Trust adoption, reduce risk, and improve security visibility. Our deep expertise in identity governance and security assessments ensures agencies remain compliant, resilient, and future-ready.

Technical Approach & Implementation

Assessment & Strategy Development

• CISA Zero Trust Maturity Model Alignment: Evaluated SEC’s security posture for Identity and Device pillars

• HVA Security & Risk Assessments: Conducted detailed security reviews and gap analyses

• Prioritized Multi-Year Implementation Plan: Phased approach for Zero Trust adoption with clear milestones

  
  

Implementation Process

• Zero Trust Readiness Analysis: Identified gaps in identity management and device security

• Custom Security Roadmap: Delivered a structured, phased plan with defined objectives

• Executive-Level Reporting: Provided detailed HVA reports and multi-year security strategy

  
  

Methodologies & Tools

• CISA Recommended HVA Assessment Framework

• CISA Zero Trust Maturity Model

  
  

Conclusion

Zephon successfully delivered a comprehensive Zero Trust assessment for SEC ahead of schedule, providing a clear, actionable strategy to enhance identity and device security. By aligning with CISA’s Zero Trust Maturity Model, Zephon helped SEC identify security gaps, mitigate risks, and build a resilient, Zero Trust-compliant infrastructure.

For federal agencies seeking to fast-track Zero Trust adoption and enhance cybersecurity resilience, Zephon offers proven expertise and a results-driven approach.

Hassle-Free Cyber. Delivered.