NSA Releases Zero-Trust Guidance To Limit Adversaries On The Network
The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) that details curtailing adversarial lateral movement within an organization’s network to access sensitive data and critical systems. The CSI, entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar ,” provides guidance on how to strengthen internal network control and contain network intrusions to a segmented portion of the network using Zero Trust principles.
“Organizations need to operate with a mindset that threats exist within the boundaries of their systems,” said NSA Cybersecurity Director Rob Joyce. “This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”
The network and environment pillar–one of seven pillars that make up the Zero Trust framework–isolates critical resources from unauthorized access by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption, according to the CSI.
The CSI outlines the key capabilities of the network and environment pillar, including data flow mapping, macro and micro segmentation, and software defined networking.
NSA is assisting DoD customers in piloting Zero Trust systems and is developing additional Zero Trust guidance for incorporating Zero Trust principles and designs into enterprise networks.This guidance expands on NSA’s previously released CSIs, “Embracing a Zero Trust Security Model ,” “Advancing Zero Trust Maturity Throughout the User Pillar ,” and “Advancing Zero Trust Maturity Throughout the Device Pillar .”?
CISO | InfoSec Leader | Zero Trust & SASE | M&A | Strategy
5 个月As the U.S. government is getting more and more direct involvement with Zero Trust, it is necessary for guidance and strategy to shift in the direction of Zero Trust as well. It is an outstanding source for anyone to follow for hardening up against the daily threats, in this age. Looking to see other industries and markets to adopt this very different approach to security. As different feeling it may be, most of us in security do have the same in mind: we assume every network has an issue, every machine is compromised and every user is a risk. Denying access to data and infrastructure components by default. It's a little paranoid, but this is the essence of Zero Trust, continual evaluation of trust.
Scientific Researcher at I.K.C.S.R.A
8 个月Hello, the cyber-security is necessary to artificial intelligence space.
NSA releases a Zero Trust guide focusing on internal network security. It details segmentation, data flow control, and encryption to limit attacker movement. This CSI complements their previous guides on User and Device pillars, offering a comprehensive Zero Trust approach. Great resource for organizations to strengthen their cybersecurity!
Great dad | Inspired Risk Management and Security Profesional | Cybersecurity | Leveraging Data Science & Analytics My posts and comments are my personal views and perspectives but not those of my employer
8 个月We are going to miss Rob Joyce his experience and understanding of cybersecurity challenges