NSA publishes zero trust recommendations

The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) to enable federal agencies, partners, and organizations to assess devices in their systems and be better poised to respond to risks associated with critical resources, NSA announced October 19.

Cybersecurity threats continue to increase, and traditional defenses cannot scale to provide effective security against these threats. Transitioning to a Zero Trust security framework places defenders in a better position to secure sensitive data, systems, applications, and services against nation-state actors and malicious actors seeking quick financial gains.

The “Advancing Zero Trust Maturity Throughout the Device Pillar” CSI provides recommendations to effectively ensure all devices meet an organization’s access criteria and security policies. The NSA advises National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network owners and operators to implement the recommendations in the CSI to increase maturity levels of the device pillar capabilities. These include device identification, inventory, and authentication, device authorization using real time inspection, and remote access protection.

“Traditional security defenses have been shown to be insufficient to address the current threat environment” said Alan Laing, NSA’s Vulnerability Analysis Subject Matter Expert. “Government organizations and critical system owners need to enhance management of their device inventories to improve detection of sophisticated threats as part of comprehensive cybersecurity strategy integrating effective and scalable solutions to secure sensitive data, applications and services.”

As indicated in the CSI, the device pillar is a foundational component of the Zero Trust security framework. It ensures devices within an environment or attempting to connect to resources in such environment are located, enumerated, authenticated, and assessed. A device is only authorized access if it meets the environment’s security policies.

The device pillar is one of the seven pillars defined in the DoD Zero Trust Reference Architecture. The capabilities discussed in this CSI complement on the “Advancing Zero Trust Maturity Throughout the User Pillar” published on 14 March 2023. NSA advises progression of the capabilities in each of the seven pillars in the Zero Trust security framework should be seen as a cycle of continuous improvement based on evaluation and monitoring of threats.

The NSA Zero Trust security framework adheres to the President’s Executive Order of Improving the Nation’s Cybersecurity (EO 14028) and National Security Memorandum 8 (NSM-8), which direct Federal Civilian Executive Branch (FCEB) agencies and NSS owners and operators to develop and implement strategic plans to adopt a Zero Trust cybersecurity framework.

Read the full report here.

Source: NSA

Help IC News continue to bring you breaking news from across the IC and IC contracting landscape. Join our paid subscribers today.