The National Security Agency (NSA) has published guidance on how to improve cybersecurity by integrating zero trust principles into enterprise networks.
The adoption of zero trust is mandated by the President’s executive order on improving the nation’s cybersecurity and National Security Memorandum 8. The NSA has identified seven different pillars, namely application/workload, automation and orchestration, device, data, network/environment, user, and visibility and analytics, that should be integrated to mature zero trust frameworks.
Additionally, the user pillar of zero trust refines capabilities associated with the Federal Identity, Credential, and Access Management (FICAM) framework established in 2009 to provide a common ICAM segment architecture for federal agencies to use.
Maturing identity management involves creating an inventory of users with access to critical resources, using standardized inventories that are centrally accessible, performing identity vetting, defining enterprise attribute standards, and defining risk-based attributes.
The access management aspect of zero trust covers the policies and mechanisms through which only authenticated users that are authorized can access protected resources.
At the same time, it involves minimizing privileges to specific roles, implementing least privilege access policies and just in time / just enough access policies, adopting privileged access management tools, providing privileged access devices/workstations to administrators, and implementing a risk adaptive access framework.
When implementing identity federation, organizations should inventory needed partner identities, map partner identity and credential assurance levels and access policies, and establish levels of trust for the federated identities.
Furthermore, expanding and refining the FICAM roadmap under the principles of a zero trust security model will provide an organization with tools and processes for resisting, detecting, and responding to ever increasing threats that exploit weaknesses or gaps in their ICAM programs.
The tools and processes support an operational mindset that threats exist within the nominal boundaries of their systems. Vigilance is required to ensure that risks are continually assessed and appropriate responses are enacted in a timely manner.
