NSA offers maturing data security guidance

On April 9, the National Security Agency (NSA) issued guidance for maturing data security and protecting access to data at rest and in transit.

The recommendations in the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Data Pillar,” are intended to ensure only those with authorization can access data. The capabilities outlined in the CSI integrate into a comprehensive Zero Trust (ZT) Framework.

“Malicious cyber actors continuously increase their ability to infiltrate networks and gain access to sensitive data,” said Dave Luber, NSA’s Director of Cybersecurity. “Assuming that breaches will occur, implementing the pillars of the Zero Trust Framework is how we combat that activity.  Data pillar capabilities verify all access to data — one of the key foundational elements for building improved cybersecurity — thereby reducing the impact of breaches and enabling earlier detection of even advanced malicious cyber actor activities.”

Since releasing the “Embracing a Zero Trust Security Model” Cybersecurity Information Sheet in February 2021, NSA has continued to release updates and related products that provide guidance on how to adopt a ZT mindset to secure systems. The seven pillars of ZT architecture are as follows: user, device, network/environment, applications and workload, visibility and analytics, automation and orchestration, and data.

This CSI recognizes the value of the data pillar and how its capabilities mitigate risk, including the use of encryption, tagging and labeling, data loss prevention strategies, and application of data rights management tools.

Read the report here.

Source: NSA

Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.