
Full Packet Capture as Strategic and Regulatory Imperative
Endace partnered with SANS to review a wide range of cybersecurity regulations around the globe. This report, by Matt Bromiley, Certified Instructor at SANS, examines how always-on packet capture enables organizations to comply with these key regulations, while also providing an essential foundation for effective cyber defense.
The report also includes detailed “tear-sheets” which outline how always-on full packet capture enables compliance with the specific requirements of key regulations and frameworks, including Zero Trust, NIST CSF, ISO 27001, the NIS2 Directive, the Australian ISM and more.
This page provides the information specific to US Federal OMB mandate M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” and NIST SP 800-207, “Zero Trust Architecture.”
See the overview of the full research study here:
Enabling Federal Zero Trust Strategy Compliance
The US Office of Management and Budget’s (OMB) Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles,” establishes the federal government’s zero trust strategy and implementation timeline. Building on Executive Order 14028 (EO 14028) and complementing the logging requirements of M-21-31, M-22-09 mandates that federal agencies achieve specific zero trust security goals by the end of fiscal year 2024, with continued maturity through fiscal year 2025 and beyond. Noncompliance carries significant consequences, including increased exposure to sophisticated attacks, potential loss of authorization to operate, and heightened Congressional oversight.
For federal CISOs, security architects, and executive leadership, zero trust implementation is both a mandated modernization effort and a strategic security transformation. It enables secure remote work, supports cloud adoption, and provides defense in depth against advanced threats targeting federal systems.
However, this is often easier said than done, because federal agencies continue to face substantial implementation challenges, including:
- Achieving visibility into encrypted traffic while maintaining privacy and performance
- Implementing continuous authentication and authorization across legacy and modern systems
- Detecting lateral movement and insider threats in complex networks
Full packet capture (FPC) solutions directly support zero trust architecture implementations by providing the comprehensive network visibility, continuous monitoring, and data for behavioral analytics essential for “never trust, always verify” security models.
With enterprise-grade FPC solutions, federal agencies can:
- Implement continuous verification through packet-level analysis of all network communications
- Detect lateral movement, identifying unauthorized east–west traffic and insider threats
- Support encrypted traffic analysis without compromising privacy
- Accelerate threat response with definitive forensic evidence supporting investigations
Zero trust implementations demand comprehensive network visibility, continuous verification, and measurable security improvements. Enterprise FPC gives agencies the capability to meet M-22-09 requirements with confidence and support secure modernization of federal systems.
Zero Trust Architecture (M-22-09) Compliance Framework
The tear-sheet below references the key pillars and requirements established by OMB M-22-09 to show where and how FPC supports zero trust implementations in each domain.
Who is Endace?
Endace specializes in scalable, high-speed, high-performance packet capture. Our solutions are used by some of the world’s biggest organizations on some of the fastest networks on the planet.
If you are looking for a packet capture solution, we’d love to show you why Endace is the best choice. Contact us to book a demo or ask a question.