Advancing Zero Trust Maturity in Network and Environment Security

The National Security Agency's Cybersecurity Information Sheet, titled "Advancing Zero Trust Maturity Throughout the Network and Environment Pillar," emphasizes the importance of the Zero Trust (ZT) network and environment pillar in protecting organizations from lateral movement by malicious cyber actors. It stresses using controls and capabilities to logically and physically separate, isolate, and limit access inside a network, both on and off premises, using granular policy restrictions.

One significant example is a 2013 data breach at an American retail firm, which may have been avoided by using network segmentation and access control. Traditional network security has been largely concerned with perimeter defense, frequently overlooking the need to manage, monitor, and regulate internal and external traffic flows. The ZT security paradigm seeks to alter this focus by bringing security controls closer to resources and data, in addition to perimeter defense, to prevent lateral movement.

The document covers the network and environment pillar's main areas of concentration, which include mapping data flows inside the network, implementing network segmentation with robust access restrictions, and using software-defined networking (SDN) for centralized control and automation. These measures allow for host isolation, network segmentation, encryption enforcement, and enterprise visibility, which dramatically improve an organization's defense-in-depth posture and its capacity to isolate network attacks.

The document's guidance is primarily intended for National Security Systems, the Department of Defense, and the Defense Industrial Base, but it may also be applicable to other systems targeted by sophisticated malicious actors. The paper also refers to the President's Executive Order on Improving the Nation's Cybersecurity and National Security Memorandum 8, which require Federal Civilian Executive Branch agencies and National Security System owners and operators to implement a Zero Trust cybersecurity architecture.

Finally, the document underlines the significance of developing and refining the network and environment pillar roadmap, based on the maturity model it lays out, in order to successfully resist, identify, and respond to threats. It strongly advises network owners and operators to strengthen their network and environment by establishing capabilities that correspond to the advanced maturity levels it describes, while also ensuring that access to data flows is adequately safeguarded, validated, and suitable.
