Saturday, January 25, 2025
Homecyber securityNSA Details Seven Pillars Of Zero Trust

NSA Details Seven Pillars Of Zero Trust

Published on

SIEM as a Service

Follow Us on Google News

The National Security Agency (NSA) issued a Cybersecurity Information Sheet (CSI) that discusses limiting adversary lateral movement within an organization’s network to access sensitive data and vital systems.

This offers instructions on how to use Zero Trust principles to strengthen internal network control and restrict network intrusions to a segmented section of the network.

“This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture”, NSA Cybersecurity Director Rob Joyce.

The NSA CSI defines zero trust (ZT) in Embracing a Zero Trust Security Model as a security strategy based on two key principles: acknowledgment of the ubiquity of cyber threats and removal of implicit confidence in favor of ongoing verification of all elements of the operating environment.

ZT implementation initiatives aim to improve cybersecurity defenses, responses, and operations gradually.

Seven Pillars Of Zero Trust

The seven pillars that comprise the Zero Trust framework are:

  • User
  • Device
  • Network & Environment
  • Data
  • Application & Workload
  • Automation & Orchestration
  • Visibility & Analytics
Seven pillars of Zero Trust

Using many essential features of each of the four networking and environment pillar capabilities, the ZT maturity model provides extensive network security such as Data flow mapping, Macro segmentation, Micro segmentation, and Software Defined Networking.

ZT architecture uses a secure network segmentation mechanism in addition to
securing network traffic with robust encryption and ongoing verification
of all users, devices, and data.

Defined procedures and security guidelines are essential for automation and orchestration, as are adaptable network features that allow for the dynamic isolation or modification of network segmentation as needed. 

Reports say sophisticated analytics keep an eye out for suspicious behavior on the network and in other events and activities.

All of these features support the ZT architecture and have the potential to significantly increase network security when used properly.

The network and environment pillar protects vital resources from unwanted access by defining network access, managing data flows, dividing workloads and apps, and utilizing end-to-end encryption.

This is achieved by combining software-defined networking (SDN) with appropriate macro- and micro-level network segmentation to provide centralized control and automation.

“Advancing Zero Trust Maturity throughout the User Pillar” is an extensive set of guidelines that the NSA released in April 2023 to help users in the zero-trust framework acquire certain levels of maturity.

Recommendation

The NSA strongly advises network owners and operators to enhance their network and environment by acquiring capabilities that correlate with the advanced maturity models outlined in this CSI.

“Network and environment security begins with an accurate inventory of all current data flows.

This ensures that access to these flows is properly protected, vetted, and appropriate”, the NSA said.

An organization should implement the following to improve its network and environment capabilities:

  • Map data flows based on usage patterns and operational business requirements.
  • Segment the network appropriately on both a macro and micro scale.
  • Employ SDN for automated tasking and centralized control.
  • Automate security policies to gain operational efficiency and agility.
  • Define access rules using risk-based approaches. These rules should contain precautions against allowing unauthorized or malicious traffic to flow across the perimeter, macro, and micro borders and onto network resources.

With Perimeter81 malware protection, you can block malware, including Trojans, ransomware, spyware, rootkits, worms, and zero-day exploits. All are incredibly harmful and can wreak havoc on your network.

Stay updated on Cybersecurity news, Whitepapers, and Infographics. Follow us on LinkedIn & Twitter.

Gurubaran
Gurubaran
Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.

Latest articles

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

CISA Releases Six ICS Advisories Details Security Issues

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) issued six Industrial Control Systems (ICS)...

Juniper Routers Exploited via Magic Packet Vulnerability to Deploy Custom Backdoor

A sophisticated cyber campaign dubbed "J-magic" has been discovered targeting enterprise-grade Juniper routers with...

API Security Webinar

Free Webinar - DevSecOps Hacks

By embedding security into your CI/CD workflows, you can shift left, streamline your DevSecOps processes, and release secure applications faster—all while saving time and resources.

In this webinar, join Phani Deepak Akella ( VP of Marketing ) and Karthik Krishnamoorthy (CTO), Indusface as they explores best practices for integrating application security into your CI/CD workflows using tools like Jenkins and Jira.

Discussion points

Automate security scans as part of the CI/CD pipeline.
Get real-time, actionable insights into vulnerabilities.
Prioritize and track fixes directly in Jira, enhancing collaboration.
Reduce risks and costs by addressing vulnerabilities pre-production.

More like this

Subaru’s STARLINK Connected Car’s Vulnerability Let Attackers Gain Restricted Access

In a groundbreaking discovery on November 20, 2024, cybersecurity researchers Shubham Shah and a...

Android Kiosk Tablets Vulnerability Let Attackers Control AC & Lights

A security flaw found in Android-based kiosk tablets at luxury hotels has exposed a...

Beware of Fake Captcha Verifications Spreading Lumma Malware

In January, Netskope Threat Labs uncovered a sophisticated global malware campaign leveraging fake CAPTCHA...