NSA releases Zero Trust Maturity guidance
On May 22, the National Security Agency (NSA) released the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar,” to help organizations secure applications from unauthorized users and ensure continuous visibility of the workload at any given time.
This CSI provides recommendations for achieving progressive levels of application and workload capabilities under the “never trust, always verify” Zero Trust (ZT) paradigm. It discusses how these capabilities integrate into a comprehensive ZT framework. ZT implementation efforts are intended to continually mature cybersecurity protections, responses, and operations over time.
“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, NSA’s Director of Cybersecurity. “Implementing a Zero Trust framework places cybersecurity practitioners in a better position to secure sensitive data, applications, assets, and services.”
According to the CSI, applications and workloads are mutually dependent. Applications include any computer programs and services that execute in on premise and cloud environments. While applications are the individual tools that serve business needs, workloads can be standalone solutions or tightly coupled groups of processing components performing mission functions.
The application and workload pillar – one of seven in a Zero Trust architecture – depends on the following capabilities: application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and ongoing authorizations.
NSA is assisting DoD customers in piloting Zero Trust systems and is developing additional Zero Trust guidance for incorporating Zero Trust principles and designs into enterprise networks.
Source: NSA
Stay in the know with breaking news from across the IC and IC contracting landscape by becoming a paid subscriber to IC News. Your support makes our work possible.