BACKGROUND

A prominent federal health agency under the Department of Health and Human Services (HHS) plays a crucial role in ensuring healthcare accessibility, particularly for underserved and vulnerable populations across the U.S. This agency supports over 30 million individuals and over 1,800 rural counties and municipalities, striving to reduce health disparities and advance health equity. Collaborating with various healthcare providers, organizations, and community partners, the agency ensures efficient delivery of vital services to those in need. For more than two decades, REI Systems has partnered with this agency to help safeguard its sensitive information, including patient data and financial records, requiring robust cybersecurity measures.

CHALLENGE

Despite existing security protocols, the agency sought support from REI Systems to assess its cybersecurity landscape and address any gaps needed to align with the zero trust framework.

APPROACH

Zero Trust Architecture (ZTA) rests on five pillars: Identity, Devices, Networks, Applications and Workloads, and Data. REI Systems conducted a thorough evaluation of the agency’s cybersecurity across these pillars, assessing progress and identifying areas for improvement in endpoint security, network visibility, access controls, and data encryption.

Working with other industry partners, REI assessed several tools, including AppGate and Zscaler, that could strengthen security and integrated these solutions into the agency’s infrastructure. Here’s how the agency implemented ZTA across the five pillars:

Identity

Implemented multi-factor authentication (MFA), role-based access controls (RBAC), and privileged access management (PAM) agency-wide. 

Devices

Secured endpoints by maintaining an accurate device inventory, ensuring device health, and applying strong authentication protocols.

Networks

Enhanced network security with DNS encryption, updated Transport Layer Security (TLS) protocols, and implemented SSL offloading and bridging to secure
network traffic.

Applications & Workloads

Integrated code and web scanning tools like SonarQube and NetSparker within the CI/CD pipeline for automated, consistent security checks. 

Data

Employed SSL bridging and Transparent Data Encryption (TDE) to protect sensitive data, ensuring it remains secure at rest.

IMPACT

Through these measures, the agency achieved several security improvements, including: 

• Enhanced visibility into network traffic, improving threat detection and response. 
• Strengthened security posture, reducing the risk of data breaches and unauthorized access. 
• Improved access control policies and encryption, safeguarding sensitive data at rest and in transit. 

Compliance with the White House’s Zero Trust directives has significantly enhanced the agency’s security resilience, reducing vulnerabilities across its networks, applications, and data.

LESSONS LEARNED

Implementing zero trust is a gradual, continuous journey that requires careful alignment with an organization’s unique needs and priorities. For large-scale agencies with extensive networks and thousands of users, this approach demands ongoing assessment, adaptation, and improvements to ensure seamless user experience while maintaining top-level security. 

This health agency’s experience reinforces the importance of strong planning, continuous monitoring, and flexible technology choices, proving that zero trust principles, though challenging, deliver tangible benefits in securing sensitive data and meeting evolving cybersecurity demands.

ABOUT REI SYSTEMS

REI Systems provides reliable, effective, and innovative technology solutions that advance federal, state, local, and nonprofit missions. Our technologists and consultants are passionate about solving complex challenges that impact millions of lives. We take a Mindful Modernization® approach in delivering our application modernization, grants management systems, government data analytics, and advisory services. Mindful Modernization is the REI Way of delivering mission impact by aligning our government customers’ strategic objectives to measurable outcomes through people, processes, and technology. Learn more at REIsystems.com.