ISG report details public sector move toward zero trust

U.S. public sector organizations are strengthening cybersecurity as federal requirements mandate deeper integration of security into IT environments for mission assurance and operational resilience, according to a new research report published July 10 by Information Services Group (ISG).

The 2026 ISG Provider Lens Cybersecurity — Services and Solutions report for the U.S. Public Sector finds that cybersecurity priorities are increasingly centered on mission continuity and agencies are shifting from perimeter-based to identity-centric, zero trust architectures. Recent federal orders and guidelines are redefining security procurement, architecture and operational priorities to help ensure agencies maintain secure operations across classified and unclassified systems.

“Zero trust has become a strategic objective for government agencies and will be widely implemented over the next 24 months,” said Nathan Frey, ISG partner and public sector lead. “Mission success increasingly depends on integrating identity, continuous validation and hybrid security into day-to-day operations while maintaining uninterrupted delivery of public services.”

Under the new regulations, public sector organizations are expanding continuous authentication, granular network segmentation and strong data protection across distributed environments. They are also increasing attention to privileged access and security of non-human identities. These efforts help agencies maintain mission continuity while meeting evolving federal requirements.

AI is becoming a central element of cybersecurity strategies across the U.S. public sector as agencies prepare to counter increasingly sophisticated threats. Organizations are adopting AI-enabled security operations to improve threat detection, automate triage and accelerate incident response during high-volume attacks. At the same time, agencies are planning for stronger oversight of AI models to address explainability, model security and reliability. These capabilities are becoming essential as agencies strengthen resilience while introducing rapidly evolving AI capabilities.

State and local agencies are strengthening cybersecurity despite limited internal resources and specialized expertise. Many are adopting managed security services and FedRAMP-authorized cloud solutions to improve protection without significant capital investment. To address workforce shortages and improve response times, these organizations increasingly favor scalable, automated security capabilities that function across multicloud and multivendor environments, ISG says.

“Public sector cybersecurity is no longer defined by individual security tools but by the ability to connect strategy, engineering and operations into a continuous security lifecycle,” said Bhuvaneshwari Mohan, ISG lead analyst and lead author of the report. “Providers that can help agencies modernize legacy environments while maintaining visibility and stability will be best positioned to support long-term mission assurance.”

The report also explores other trends affecting U.S. public sector cybersecurity, including the growing role of hyperscalers and the increasing focus on post-quantum cryptography readiness for long-term protection of sensitive government data.

Source: ISG

Help IC News continue to bring you breaking news from across the IC and IC contracting landscape. Join our paid subscribers today.