From GCN:

…Despite that guidance, some observers said that if states are to fully embrace zero trust, they will need assistance from the federal government. Brandon Pugh, a policy director and resident senior fellow for the cybersecurity and emerging threats team at the R Street Institute think tank, said the federal government could provide states with more information on how to prioritize their efforts on the journey to zero trust. 

And while it will not solve every problem, giving states more money could be crucial, he said, especially as the recent federal cyber grants will make just a small impact.

“Money doesn’t solve every problem, and endless amounts of money would not instantly create a perfect world where every state has zero trust fully implemented in a very mature way,” Pugh said. “But it would help those states that are very budget strapped and have many competing priorities…”

The most important thing, Pugh said, is having “a plan and a path” toward zero trust. And even though it may seem too sprawling and complex for states to get their heads around, Pugh noted that “whether states realize it or not, most of them have elements of zero trust in place.”