The National Security Agency (NSA) has issued cybersecurity guidance to help cybersecurity leaders, enterprise network owners, and administrators embrace a Zero Trust security model.
According to the cybersecurity information document, Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries.
The Zero Trust security model eliminates implicit trust in any one element, node, or service. Moreover, it requires continuous verification of the operational picture via real-time information fed from multiple sources to determine access and other system responses.
“By implementing a modern cybersecurity strategy that integrates visibility from multiple vantage points, makes risk-aware access decisions, and automates detection and response actions, network defenders will be in a much better position to secure sensitive data, systems, applications, and services,” NSA said in the release.
Zero Trust is an “assumed breach” security model that is meant to guide cybersecurity architects, integrators, and implementers in integrating disparate but related cybersecurity capabilities into a cohesive engine for cybersecurity decision-making.
NSA strongly recommends that a Zero Trust security model be considered for critical networks, including National Security Systems (NSS), Department of Defense (DoD) networks, and Defense Industrial Base (DIB) systems.