FAA Seeks Information on Ways to Implement Zero Trust Micro-Segmentation

The Federal Aviation Administration is requesting information on methods and techniques for deploying a micro-segmented zero trust architecture.

Zero trust is a modern cybersecurity model that functions on the assumption that a breach is inevitable and has likely already occurred. The architecture attempts to address the weakness by dynamically limiting user access to only what is needed, the FAA said in a request for information posted on SAM .gov.

Micro-segmentation is an element of the zero trust paradigm that involves the division of segments on a network at the workload or process level.

The FAA explained that micro-segmentation will allow analysts to more easily quarantine compromised systems away from others once an attack has been detected.

The agency said that micro-segmentation has similarities to traditional segmentation techniques that rely on firewalls, which are ideal for reducing a network’s attack surface by protecting its endpoints.

Unlike firewalls, micro-segmented architectures are equipped to deal with threats already inside a network’s security perimeter, the FAA said.

The FAA said it is looking for ways to implement zero trust micro-segmentation in four functional areas: mission-critical, mission-essential, administrative and the research and development operating environments.

According to the agency, each environment has its own separate security perimeter with its own set of management, incident response and security controls.

Respondents are encouraged to describe how their solution satisfies various requirements in identity, device, network, application access control and data management, among others.

Interested parties have until Jan. 18 to respond to the FAA’s market survey.