NSA Sets New Zero Trust Strategy Guidance


The National Security Agency (NSA) has issued a new Cybersecurity Information Sheet (CSI) that covers zero trust security for networks and how Federal agencies can adopt different techniques to stop adversarial attacks that aim to get access to agency data.

The March 5 CSI – titled Advancing Zero Trust Maturity Throughout the Network and Environment Pillar – focuses on retaining internal network controls for segmented networks using zero trust principles.

“Organizations need to operate with a mindset that threats exist within the boundaries of their systems,” said NSA Cybersecurity Director Rob Joyce. “This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”

The new CSI looks particularly at the network and environment pillar – one of the primary pillars of the zero trust model – which helps separate important assets from unauthorized users by detailing which users have network access.

The new guidance looks at the following areas:

  • Data flow mapping;
  • Macro segmentation;
  • Micro segmentation; and
  • Software-defined networking.

“The network and environment pillar isolates critical resources from unauthorized access by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption,” NSA said.

“This pillar depends on an organization’s depth of awareness and understanding of their data – how it flows within standalone networks and across networks that interconnect physical infrastructure, cloud computing, and distributed work environments,” the intelligence agency said.