The National Security Agency has issued new guidance for adopting zero-trust network principles: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.
The NSA first issued guidance for a zero-trust (ZT) framework in February 2021, inspired by the 2020 Verizon breach and then again in April 2023 with – Advancing Zero Trust Maturity Throughout the User Pillar.
This week’s release focusses on the third pillar of the seven ZT pillars, the network and environment component of Zero Trust, comprised of hardware and software assets, non-person entities, and protocols for inter-communication.
The Zero Trust maturity model network is secured in-depth through key functions of the four networking and environment pillar capabilities:
- Data flow mapping
- Macro segmentation
- Micro segmentation
- Software Defined Networking
The NSA CSI, Embracing a Zero Trust Security Model, defines the concept of ZT as a security strategy with core principles: acknowledgement of the ubiquity of cyber threats, and elimination of implicit trust favoring instead continuous verification of all aspects of the operational environment.
A zero-trust security model requires stringent access controls for accessing network resources, whether inside or outside the physical perimeter, to limit the breach consequences.
In contrast to the conventional IT security model, where all network entities are presumed trustworthy, zero-trust architecture assumes the presence of existing threats and restricts network access accordingly.
Mark Cooper, President & Founder, PKI Solutions had this comment:
“Public Key Infrastructure (PKI) supports the zero-trust model by managing and securing digital certificates and keys. PKI is core to critical infrastructure protection environments. It ensures authenticated and encrypted communication within a network, aligning with zero-trust principles by verifying every user and device before granting access. PKI is core to critical infrastructure protection environments. What is often missing and overlooked is the required level of posture management that focuses on proactive monitoring for misconfigurations and remediating them before they become vulnerabilities that get exposed. “
“This approach highlighting the required level of security posture management complements the NSA’s guidance by enhancing trust verification and limiting adversaries’ network access.”
I’m a big fan of zero trust as it reduces the chance that you could get pwned by a threat actor. Which is why I am glad that the NSA is offering guidance that organizations of all sizes should be following.
Like this:
Like Loading...
Related
This entry was posted on March 7, 2024 at 9:00 am and is filed under Commentary with tags NSA. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
NSA Issues Guidance On Adopting A Zero Trust Stance
The National Security Agency has issued new guidance for adopting zero-trust network principles: Advancing Zero Trust Maturity Throughout the Network and Environment Pillar.
The NSA first issued guidance for a zero-trust (ZT) framework in February 2021, inspired by the 2020 Verizon breach and then again in April 2023 with – Advancing Zero Trust Maturity Throughout the User Pillar.
This week’s release focusses on the third pillar of the seven ZT pillars, the network and environment component of Zero Trust, comprised of hardware and software assets, non-person entities, and protocols for inter-communication.
The Zero Trust maturity model network is secured in-depth through key functions of the four networking and environment pillar capabilities:
The NSA CSI, Embracing a Zero Trust Security Model, defines the concept of ZT as a security strategy with core principles: acknowledgement of the ubiquity of cyber threats, and elimination of implicit trust favoring instead continuous verification of all aspects of the operational environment.
A zero-trust security model requires stringent access controls for accessing network resources, whether inside or outside the physical perimeter, to limit the breach consequences.
In contrast to the conventional IT security model, where all network entities are presumed trustworthy, zero-trust architecture assumes the presence of existing threats and restricts network access accordingly.
Mark Cooper, President & Founder, PKI Solutions had this comment:
“Public Key Infrastructure (PKI) supports the zero-trust model by managing and securing digital certificates and keys. PKI is core to critical infrastructure protection environments. It ensures authenticated and encrypted communication within a network, aligning with zero-trust principles by verifying every user and device before granting access. PKI is core to critical infrastructure protection environments. What is often missing and overlooked is the required level of posture management that focuses on proactive monitoring for misconfigurations and remediating them before they become vulnerabilities that get exposed. “
“This approach highlighting the required level of security posture management complements the NSA’s guidance by enhancing trust verification and limiting adversaries’ network access.”
I’m a big fan of zero trust as it reduces the chance that you could get pwned by a threat actor. Which is why I am glad that the NSA is offering guidance that organizations of all sizes should be following.
Share this:
Like this:
Related
This entry was posted on March 7, 2024 at 9:00 am and is filed under Commentary with tags NSA. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.