U.S. Public Sector Moves Toward Zero Trust Security

U.S. public sector organizations are strengthening cybersecurity as federal requirements mandate deeper integration of security into IT environments for mission assurance and operational resilience, according to a new research report published today by Information Services Group (ISG) (Nasdaq: III), a global AI-centered technology research and advisory firm.

The 2026 ISG Provider Lens® Cybersecurity — Services and Solutions report for the U.S. Public Sector finds that cybersecurity priorities are increasingly centered on mission continuity and agencies are shifting from perimeter-based to identity-centric, zero trust architectures. Recent federal orders and guidelines are redefining security procurement, architecture and operational priorities to help ensure agencies maintain secure operations across classified and unclassified systems.

“Zero trust has become a strategic objective for government agencies and will be widely implemented over the next 24 months,” said Nathan Frey, ISG partner and Public Sector lead. “Mission success increasingly depends on integrating identity, continuous validation and hybrid security into day-to-day operations while maintaining uninterrupted delivery of public services.”

Under the new regulations, public sector organizations are expanding continuous authentication, granular network segmentation and strong data protection across distributed environments. They are also increasing attention to privileged access and security of non-human identities. These efforts help agencies maintain mission continuity while meeting evolving federal requirements.

AI is becoming a central element of cybersecurity strategies across the U.S. public sector as agencies prepare to counter increasingly sophisticated threats. Organizations are adopting AI-enabled security operations to improve threat detection, automate triage and accelerate incident response during high-volume attacks. At the same time, agencies are planning for stronger oversight of AI models to address explainability, model security and reliability. These capabilities are becoming essential as agencies strengthen resilience while introducing rapidly evolving AI capabilities.

State and local agencies are strengthening cybersecurity despite limited internal resources and specialized expertise. Many are adopting managed security services and FedRAMP-authorized cloud solutions to improve protection without significant capital investment. To address workforce shortages and improve response times, these organizations increasingly favor scalable, automated security capabilities that function across multicloud and multivendor environments, ISG says.

“Public sector cybersecurity is no longer defined by individual security tools but by the ability to connect strategy, engineering and operations into a continuous security lifecycle,” said Bhuvaneshwari Mohan, ISG lead analyst and lead author of the report. “Providers that can help agencies modernize legacy environments while maintaining visibility and stability will be best positioned to support long-term mission assurance.”

The report also explores other trends affecting U.S. public sector cybersecurity, including the growing role of hyperscalers and the increasing focus on post-quantum cryptography readiness for long-term protection of sensitive government data.

For more insights into the cybersecurity challenges faced by U.S. public sector organizations, along with ISG’s advice for addressing them, see the ISG Provider Lens Focal Points briefing here.

The report evaluates the capabilities of 26 providers across three quadrants: Strategic Security Services, Technical Security Services and Next-Gen SOC/MDR Services.

It names Accenture, Capgemini, Deloitte, EY, HCLTech IBM, Infosys and Unisys as Leaders in all three quadrants. KPMG and Leidos are named as Leaders in two quadrants each.

In addition, TCS is named as a Rising Star — a company with a “promising portfolio” and “high future potential” by ISG’s definition — in two quadrants. LevelBlue is named as a Rising Star in one quadrant.

In the area of customer experience, EY is named the global ISG CX Star Performer for 2026 among cybersecurity service and solution providers. EY earned the highest customer satisfaction scores in ISG’s Voice of the Customer survey, part of the ISG Star of Excellence™ program, the premier quality recognition for the technology and business services industry.

The 2026 ISG Provider Lens Cybersecurity — Services and Solutions report for the U.S. Public Sector is available to subscribers or for one-time purchase on this webpage.

About ISG

ISG (Nasdaq: III) is a global AI-centered technology research and advisory firm. A trusted partner to more than 900 clients, including 75 of the world’s top 100 enterprises, ISG is a long-time leader in technology and business services that is now at the forefront of leveraging AI to help organizations achieve operational excellence and faster growth. The firm, founded in 2006, is known for its proprietary market data and research, in-depth knowledge and governance of provider ecosystems, and the expertise of its 1,500 professionals worldwide working together to help clients maximize the value of their technology investments.

Media gallery