Security News > 2021 > March > NSA Publishes Guidance on Adoption of Zero Trust Security
The U.S. National Security Agency has published guidance on how security professionals can secure enterprise networks and sensitive data by adopting a Zero Trust security model.
Titled "Embracing a Zero Trust Security Model," the document details the benefits and challenges of the security model, and also provides a series of recommendations on the implementation of Zero Trust within existing networks.
Leveraging a set of system design principles and a cyber-security management strategy, the Zero Trust model assumes that a breach has occurred or is inevitable and eliminates trust in systems, nodes, and services, requiring continuous verification through real-time information.
"Systems that are designed using Zero Trust principals should be better positioned to address existing threats, but transitioning to such a system requires careful planning to avoid weakening the security posture along the way. NSA continues to monitor the technologies that can contribute to a Zero Trust solution and will provide additional guidance as warranted," the NSA notes.
The NSA also explains that implementing Zero Trust requires time and effort, and that additional capabilities are required to transition to a mature Zero Trust architecture, for full benefits.
"The Zero Trust mindset focuses on securing critical data and access paths by eliminating trust as much as possible, coupled with verifying and regularly re-verifying every allowed access. However, implementing Zero Trust should not be undertaken lightly and will require significant resources and persistence to achieve," the NSA also points out.