pburkholder
commented
1 year ago I'm addressing a question today on our zero-trust strategy, so it would be good to have a public authoritative reference on this. For reference, this about all I have to say:
The cloud.gov PaaS is based on Cloud Foundry, which was built on zero-trust principles, so we have not had to develop a standalone "zero trust strategy" to bring the system into line with those principles. Most of our work on M-22-09 is around meeting the more extensive requirements that the US government expects.
We are really ahead of most products when it comes to zero trust architecture. We might want a public page that explains our approach and how customers benefit from leveraging cloud.gov.
I think this may make a good stand alone page in the compliance section. Or, we could also rename the existing Customer Seperation page and add some more content there. I think there may be some SEO gains in having the page name include "zero trust."
I think people will be looking for these words and not necessarily be able to parse out that we are meeting these requirements by reading across the documentation. Are there related support questions that might support this as a customer need?