SBA Designing Trust Algorithm for Zero Trust Deployment
The Small Business Administration is creating a trust algorithm that will be part of its zero trust architecture deployment, an official said.
Zero trust is a modern cybersecurity model that operates under the assumption that a threat is already inside a network’s security perimeter.
SBA is designing a trust algorithm that it can use to control network and data access based on the agency’s risk tolerance, FedScoop reported.
A trust algorithm is a rule set that dictates which users should be granted or denied access to a resource, according to the National Institute of Standards and Technology.
The algorithm drives a policy engine that accounts for factors such as observable information about subjects, subject attributes and roles, historical subject behavior patterns and threat intelligence sources.
Agencies may configure their policy engines to prioritize certain factors over others or leave the decision-making entirely up to a proprietary algorithm.
Trafenia Salzman, a security architect at SBA, said that a policy engine should reflect the risk tolerance of an agency’s leadership and security architects.
The engine will then automatically limit access to a resource if it determines that the risk is above the agency’s limit, Salzman explained during an event hosted by the Advanced Technology Academic Research Center.
Kevin Brewer, senior manager for sales engineering, said that most trust algorithms are still adjusting to artificial intelligence and machine learning-based engines.
He said that he expects all future solutions to rely on AI to calculate risks and drive decisions in real time.
Tags: artificial intelligence ATARC cybersecurity FedScoop Kevin Brewer policy engine SBA Trafenia Salzman trust algorithm zero trust