FORT MEADE, Md. – The National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI) “Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar” to help organizations better detect cyber threats and respond to common threats faster.
This report – the final CSI published by NSA in a series addressing the seven pillars of DoD’s Zero Trust (ZT) framework – also provides recommendations for automating routine tasks to better focus resources on investigating anomalies associated with advanced tactics, techniques, and procedures.
In 2021, the President of the United States directed the Federal Government to advance towards the development and implementation of a Zero Trust framework.
“From the outset of this project, we’ve acknowledged and appreciated the value of implementing a Zero Trust framework for providing the best defense against data compromise,” said Dave Luber, NSA’s Director of Cybersecurity. “Our mission has been to expand upon the DoD’s seven pillar ZT model in a way that makes it accessible and practical to organizations of all types. As Zero Trust is being implemented, the positive and far-reaching applications have been encouraging to witness.”
The Automation and Orchestration CSI highlights three key areas that span the capabilities of the pillar.
First, organizations should employ automation and orchestration methods to address repetitive, labor-intensive, and predictable tasks for critical functions and access control.
Second, organizations should employ advanced algorithms and analytics, specifically artificial intelligence (AI) and machine learning (ML), to enhance critical functions.
Third, an organization’s ability to coordinate security operations and incident response is vital to its security and should be aided by AI, ML, and other automation efforts to detect, respond to, and mitigate threats more quickly and effectively.
A Recap of the CSIs on the Seven Pillars of the ZT framework:
This release marks NSA’s final CSI published on the seven pillars of ZT, along with an initial CSI about the ZT model as a whole. Collectively, the CSIs provide comprehensive security guidance for National Security System, Department of Defense, and other network owners and operators to implement ZT and mature cybersecurity protections, responses, and operations over time.
- “Embracing a Zero Trust Security Model” recommends leveraging Zero Trust principles to enable system administrators to control how users, processes, and devices engage with data to prevent the abuse of compromised user credentials, remote exploitation, or insider threats, and even mitigate some effects of supply chain compromises. Published 25 February 2021.
- “Advancing Zero Trust Maturity Throughout the User Pillar” urges maturing capabilities for identity, credential, and access management for the nation’s most critical systems. Published 14 March 2023.
- “Advancing Zero Trust Maturity Throughout the Device Pillar” provides recommendations for enumerating, authenticating, assessing, and managing devices to inform whether they should be allowed to access critical resources. Published 19 October 2023.
- “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar” describes how mapping data flows and segmenting parts of the network and resources can contain, detect, and isolate intrusions. Published 5 March 2024.
- “Advancing Zero Trust Maturity Throughout the Data Pillar” illustrates how ensuring only those with authorization can access data would reduce breaches and enable earlier detection of even advanced malicious cyber actor activities. Published 9 April 2024.
- “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar” recommends achieving progressive levels of application and workload capabilities under the “never trust, always verify” ZT paradigm, which helps organizations secure applications from unauthorized access and ensures continuous visibility of workloads. Published 22 May 2024.
- “Advancing Zero Trust Maturity Throughout the Visibility and Analytics Pillar” emphasizes comprehensively and centrally logging and analyzing relevant activity to produce health, status, performance, behavioral, and threat insights from across the infrastructure to proactively and quickly mitigate risks. Published 30 May 2024.
- “Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar” highlights the benefits of automating repetitive processes, orchestrating policy and access decisions, leveraging AI and ML analytics, and effectively coordinating security operations to rapidly detect and respond to emerging cyber threats. Published 10 July 2024.
NSA Media Relations
MediaRelations@nsa.gov
443-634-0721