
"The US National Security Agency (NSA) has published its latest guidance on zero trust to secure US federal government IT networks and systems. This is the first of two guidance documents coming out of the NSA, providing "practical and actionable" recommendations that can be applied as best practice to secure corporate IT environments both in the public and private sectors."
"In the document, the NSA defines a "zero-trust mindset", which means assuming IT environment traffic, users, devices and infrastructure may be compromised. To achieve this, the guidance urges IT security teams to establish a rigorous authentication and authorisation process for all access requests. In the context of securing the integrity of government IT systems, it said that such a strategy enhances the security posture of networks by rigorously validating every access request, which prevents unauthorised changes, reduces risk of malicious code insertion, and ensures the integrity of software and supply chains."
"The NSA said IT security teams should plan for deny-by-default and heavily scrutinise all users, devices, data flows and requests. This means that IT security teams need to log, inspect and monitor all configuration changes, resource accesses and environment traffic for suspicious activity continuously."
A zero-trust mindset assumes that traffic, users, devices, and infrastructure may be compromised. IT teams must establish rigorous authentication and authorization for all access requests. Networks should validate every access request to prevent unauthorized changes, reduce malicious code insertion risk, and protect software and supply chain integrity. Never trust users or devices requesting network connectivity or internal resource access; require dynamic authentication, explicit approval, and enforce least privilege. Operate under the assumption of an existing breach, plan deny-by-default, and continuously log, inspect, and monitor configuration changes, resource accesses, and traffic for suspicious activity.
Read at ComputerWeekly.com