NSA Guidance Offers Advice on Securing Applications, Workloads Using Zero Trust Architecture

The National Security Agency has released a Cybersecurity Information Sheet titled “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar,” offering recommendations for organizations to secure applications and ensure continuous workload visibility within a zero trust security model.

The NSA recommends a “never trust, always verify” approach for applications and workloads, highlighting a progressive maturity model for capabilities within the zero trust framework to regularly enhance cybersecurity measures and responses.

The CSI defines applications as any software program running on-premises or in the cloud. Workloads, on the other hand, can be individual solutions or bundled processing components that perform specific tasks, the NSA said.

According to the sheet, which complements previous CSIs on zero trust, the application and workload pillar focuses on capabilities such as secure software development, resource authorization and ongoing monitoring.

Dave Luber, NSA’s director of cybersecurity, emphasized the role of zero trust framework in securing sensitive data and applications. He explained that the security model empowers organizations with granular access controls and continuous monitoring capabilities.