FORT MEADE, Md. – The National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Driving Zero Trust Maturity Across the Applications and Workloads Pillars,” to help organizations protect their applications from unauthorized users and ensure continuous visibility into their security workloads at any given time.
This CSI provides recommendations for achieving progressive levels of application and workload functionality under the “never trust, always verify” Zero Trust (ZT) paradigm. We will discuss how these features are integrated into the comprehensive ZT framework. The ZT implementation effort is designed to continually mature cybersecurity protection, response, and operations over time.
“This guidance helps organizations thwart malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, NSA's director of cybersecurity. “By implementing a zero trust framework, cybersecurity practitioners will be better positioned to protect sensitive data, applications, assets, and services.”
According to CSI, applications and workloads are interdependent. Applications include all computer programs and services that run on-premises and in cloud environments. Applications are individual tools that address business needs, whereas workloads can be standalone solutions or tightly coupled groups of processing components that perform mission functions.
The Applications and Workloads pillar, one of the seven pillars of a Zero Trust architecture, includes application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and integration. It depends on the authorization function.
NSA is assisting Department of Defense customers in piloting Zero Trust systems and developing additional Zero Trust guidance to incorporate Zero Trust principles and design into enterprise networks.
This guidance expands on NSA's previously released CSI on Zero Trust, which includes:
Read the full report here.
For more information and technical guidance on cybersecurity, check out our complete library.
For NSA media personnel
MediaRelations@nsa.gov
443-634-0721
