Email this Article Email   

CHIPS Articles: NSA Issues Guidance on Zero Trust Security Model

NSA Issues Guidance on Zero Trust Security Model
By NSA News - March 1, 2021
FORT MEADE, Md., Feb. 25, 2021 — The National Security Agency published a cybersecurity product, “Embracing a Zero Trust Security Model,” last week showing how deploying Zero Trust security principles can better position cybersecurity professionals to secure enterprise networks and sensitive data. To provide NSA’s customers with a foundational understanding of Zero Trust, this product discusses its benefits along with potential challenges, and makes recommendations for implementing Zero Trust within their networks.

The Zero Trust model eliminates trust in any one element, node, or service by assuming that a breach is inevitable or has already occurred. The data-centric security model constantly limits access while also looking for anomalous or malicious activity.

Adopting the Zero Trust mindset and leveraging Zero Trust principles will enable systems administrators to control how users, processes, and devices engage with data. These principles can prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate effects of supply chain malicious activity.

NSA strongly recommends that a Zero Trust security model be considered for all critical networks within National Security Systems, the Department of Defense’s critical networks, and Defense Industrial Base critical networks and systems. NSA notes that Zero Trust principles should be implemented in most aspects of a network and its operations ecosystems to become fully effective. To address potential challenges of implementing Zero Trust solutions, NSA is developing and will release additional guidance in the coming months.

NSA seeks to regularly release unique, actionable, and timely cybersecurity guidance to strengthen the cybersecurity of the nation and its allies at scale. For more information or other cybersecurity products, visit NSA.gov/cybersecurity-guidance.

Related CHIPS Articles
Related DON CIO News
Related DON CIO Policy

CHIPS is an official U.S. Navy website sponsored by the Department of the Navy (DON) Chief Information Officer, the Department of Defense Enterprise Software Initiative (ESI) and the DON's ESI Software Product Manager Team at Space and Naval Warfare Systems Center Pacific.

Online ISSN 2154-1779; Print ISSN 1047-9988
Hyperlink Disclaimer