NSA Releases Guidance on Zero Trust Maturity Throughout the Application and Workload Pillar
https://www.nsa.gov/

NSA Releases Guidance on Zero Trust Maturity Throughout the Application and Workload Pillar


The United States National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar ,” to help organizations secure applications from unauthorized users and ensure continuous visibility of the workload at any given time.

This CSI provides recommendations for achieving progressive levels of application and workload capabilities under the “never trust, always verify” Zero Trust (ZT) paradigm. It discusses how these capabilities integrate into a comprehensive ZT framework. ZT implementation efforts are intended to continually mature cybersecurity protections, responses, and operations over time.

“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, NSA’s Director of Cybersecurity. “Implementing a Zero Trust framework places cybersecurity practitioners in a better position to secure sensitive data, applications, assets, and services.”

According to the CSI, applications and workloads are mutually dependent. Applications include any computer programs and services that execute in on premise and cloud environments. While applications are the individual tools that serve business needs, workloads can be standalone solutions or tightly coupled groups of processing components performing mission functions.

The application and workload pillar – one of seven in a Zero Trust architecture – depends on the following capabilities: application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and ongoing authorizations.

NSA is assisting DoD customers in piloting Zero Trust systems and is developing additional Zero Trust guidance for incorporating Zero Trust principles and designs into enterprise networks.

This guidance expands on NSA’s previously released CSIs on Zero Trust, including the following:

Embracing a Zero Trust Security Model

Advancing Zero Trust Maturity Throughout the User Pillar

Advancing Zero Trust Maturity Throughout the Device Pillar

Advancing Zero Trust Maturity Throughout the Data Pillar

Advancing Zero Trust Maturity Throughout the Network and Environment Pillar

Read the full report here.

Vikas G.

Help clients to demand-gen. Execute 360° with #hAI inhouse USP. Content, Media, Data, Cyber-Security <Owned Bespoke Campaign Value> ROI - Own strategy, martech, cost sustainability, scale, 1st party data-trust, GTM speed

4 个月

We already implemented protocols and capabilities framework for defense at netsecurity.in

回复
Bharadwaz Rushi Dabbiru

Tech Enthusiast | Recent BITS Pilani Alum

5 个月

Learning about Zero Trust from the NSA’s guidance is really helpful for building a strong cybersecurity foundation.

回复
Guy Huntington

Trailblazing Human and Entity Identity & Learning Visionary - Created a new legal identity architecture for humans/ AI systems/bots and leveraged this to create a new learning architecture

5 个月

Hi, You might want to read “Zero Trust On Steroids! Rethinking Security Models For Citizens And Enterprises In The Age of AI Agents And Tech” - https://www.dhirubhai.net/pulse/zero-trust-steroids-rethinking-security-models-age-ai-guy-huntington-uj4cc/ Contact me if you'd like to chat, Guy ??

回复
Christos Liambas

Invited Professor and Digital Forensics Expert at Greek Courts of Justice

5 个月

Very interesting and informative!

回复
Christine Lewis-Anderson BA,MT(ASCP) BB

Perpetual Inventory Clerk at Macy's

5 个月

Good to know!

回复

要查看或添加评论,请登录

社区洞察

其他会员也浏览了