NSA Issues Maturing Devices Guidance Under Zero Trust Security Framework

The National Security Agency has issued a new cybersecurity information sheet recommending ways to ensure that devices meet the security framework’s access criteria under the zero trust architecture. 

The CSI, titled Advancing Zero Trust Maturity Throughout the Device Pillar, guides federal agencies and their partner organizations in assessing their systems’ devices and equipping them with more effective solutions against risks on their critical resources. 

The guidance enumerates the device pillar’s eight primary capabilities, including identification, inventory and authentication, in ensuring that trust granted on all access-seeking devices is based on device metadata and constant checks on compliance with access standards, the NSA said.

Other capabilities include remote access protection, device management and endpoint detection threat detection response and mitigation, the NSA added.

According to the NSA, the CSI also discusses ways of integrating the capabilities into a comprehensive trust framework detailed in Embracing a Zero Trust Security Model.