The National Security Agency (NSA) has released a new Cybersecurity Information Sheet (CSI) for zero trust networks outlining detailed information on curtailing adversarial lateral movements to access sensitive data in critical systems.
The CSI – titled Advancing Zero Trust Maturity Throughout the Network and Environment Pillar released on March 5 – helps strengthen internal network control and contain network intrusions for a segmented portion of networks using zero trust principles.
“Organizations need to operate with a mindset that threats exist within the boundaries of their systems,” said NSA Cybersecurity Director Rob Joyce. “This guidance is intended to arm network owners and operators with the processes they need to vigilantly resist, detect, and respond to threats that exploit weaknesses or gaps in their enterprise architecture.”
The new guidance reinforces the network and environment pillar – one of the seven pillars of zero trust – which focuses on isolating critical resources from unauthorized access by outlining network access.
The CSI gives insight in the following areas:
- Data flow mapping;
- Macro segmentation;
- Micro segmentation; and
- Software defining networking.
“The network and environment pillar isolates critical resources from unauthorized access by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption,” stated the NSA.
“This pillar depends on an organization’s depth of awareness and understanding of their data – how it flows within standalone networks and across networks that interconnect physical infrastructure, cloud computing, and distributed work environments,” stated the NSA.
