60.9 F
Washington D.C.
Saturday, May 18, 2024

NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust

Upcoming additional guidance will help organize, guide, and simplify incorporating Zero Trust principles and designs into enterprise networks.

The National Security Agency (NSA) released the “Advancing Zero Trust Maturity throughout the User Pillar” Cybersecurity Information Sheet (CSI) today to help system operators’ mature identity, credential, and access management (ICAM) capabilities to effectively mitigate certain cyber threat techniques.

Cybersecurity incidents are on the rise due to immature capabilities in identity, credential, and access management (ICAM) of national security, critical infrastructure, and Defense Industrial Base (DIB) systems. The Zero Trust model limits access to only what is needed and assumes that a breach is inevitable or already occurred. Adoption of a Zero Trust cybersecurity framework is part of the National Cybersecurity Strategy and is directed by the President’s Executive Order on Improving the Nation’s Cybersecurity (EO 14028) and National Security Memorandum 8 (NSM-8), for Federal Civilian Executive Branch (FCEB) agencies and National Security System (NSS) owners and operators.

NSA is assisting DoD customers in integrating the Zero Trust framework within NSS, Department of Defense (DoD), and DIB environments. Upcoming additional guidance will help organize, guide, and simplify incorporating Zero Trust principles and designs into enterprise networks.

To achieve a mature Zero Trust framework, systems must integrate and harmonize the capabilities from the following seven pillars: user, device, data, application/workload, network/environment, visibility and analytics, and automation and orchestration. The CSI expands on the “Embracing a Zero Trust Security Model” CSI published in 2021, by defining capability and maturity levels for the user pillar.

“Malicious cyber actors increasingly exploit gaps and immature capabilities in the identity, credential, and access management of our nation’s most critical systems,” said Kevin Bingham, Critical Government Systems, Zero Trust Lead. “Our report provides recommendations that will help system operators strengthen identity protections to limit the damage of future compromises.”

NSA strongly recommends NSS owners and operators build up ICAM and operational practices of their enterprise, working through the outlined capabilities toward the advanced maturity level.

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.

Read more at NSA

author avatar
Homeland Security Today
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.
Homeland Security Today
Homeland Security Todayhttp://www.hstoday.us
The Government Technology & Services Coalition's Homeland Security Today (HSToday) is the premier news and information resource for the homeland security community, dedicated to elevating the discussions and insights that can support a safe and secure nation. A non-profit magazine and media platform, HSToday provides readers with the whole story, placing facts and comments in context to inform debate and drive realistic solutions to some of the nation’s most vexing security challenges.

Related Articles

Latest Articles