NSA Rolls Out New Zero Trust Guidance

The National Security Agency (NSA) released a new Cybersecurity Information Sheet (CSI) on May 22 outlining best practices for securing applications from unauthorized users and ensuring continuous workload visibility at any given time.

Dubbed “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar,” the CSI provides organizations with a roadmap for enhancing their application and workload capabilities.

This latest CSI is part of an ongoing series of directives from the agency tailored to guide organizations in implementing zero trust systems. Thus far, NSA has covered four other pillars of the zero trust architecture – user, data, device, and network and environment.

NSA is currently developing additional zero trust guidance.

“Implementing a Zero Trust framework places cybersecurity practitioners in a better position to secure sensitive data, applications, assets, and services,” Dave Luber, NSA’s director of cybersecurity, said in a statement.

This recent CSI says that the application and workload pillar is crucial within a zero trust architecture, with both elements being mutually dependable.

“While applications are the individual tools that serve business needs, workloads can be standalone solutions or tightly coupled groups of processing components performing mission functions,” the guidance states.

Specifically, the CSI emphasizes that the application and workload pillar relies on an organization’s ability to integrate key capabilities into a comprehensive zero trust framework.

These capabilities include application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and ongoing authorizations.

“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” Luber said.