NSA Issues Guidance on Deploying Zero-Trust Network Architecture

The National Security Agency has issued a cybersecurity information sheet that provides instructions for defense agencies and contractors on how they can establish a zero-trust network architecture.

On Thursday, the NSA called on the entire defense industrial base to implement a zero-trust model for sensitive systems to avoid the unauthorized extraction of data.

In the seven-page cybersecurity information document, the agency recommended that a zero-trust security model be integrated into critical networks such as national security systems, networks used by the Department of Defense and systems employed by federal contractors, FedScoop reported.

In the zero-trust model, system administrators assuming that a system or network is compromised. Users are therefore asked to verify their identity before navigating a network.

In a press release, the NSA emphasized that system administrators will be able to control how users, processes and devices engage with data by adopting zero-trust principles.

Principles surrounding the implementation of zero-trust networks will prevent the abuse of compromised user credentials, remote exploitation and insider threats, the agency said. Zero-trust principles can also help mitigate the effects of malicious activity within the government’s supply chain, the NSA added..

The information document is part of the reference architecture that the NSA has yet to release to assist Defense Department components and federal contractors in implementing a zero-trust model.

The Defense Information Systems Agency is helping the NSA craft the reference guide.

The government’s push for using a zero-trust network architecture grew after the discovery of the SolarWinds hack in 2020.

Sign Up Now! Potomac Officers Club provides you with Daily Updates and News Briefings about Cybersecurity

Join Us Now