An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | Oct. 19, 2023

NSA Shares Recommendations to Advance Device Security Within a Zero Trust Framework

FORT MEADE, Md. - The National Security Agency (NSA) has released a Cybersecurity Information Sheet (CSI) to enable federal agencies, partners, and organizations to assess devices in their systems and be better poised to respond to risks associated with critical resources.
 
Cybersecurity threats continue to increase, and traditional defenses cannot scale to provide effective security against these threats. Transitioning to a Zero Trust security framework places defenders in a better position to secure sensitive data, systems, applications, and services against nation-state actors and malicious actors seeking quick financial gains.
 
The “Advancing Zero Trust Maturity Throughout the Device Pillar” CSI provides recommendations to effectively ensure all devices meet an organization’s access criteria and security policies. The NSA advises National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) network owners and operators to implement the recommendations in the CSI to increase maturity levels of the device pillar capabilities. These include device identification, inventory, and authentication, device authorization using real time inspection, and remote access protection.
 
“Traditional security defenses have been shown to be insufficient to address the current threat environment” said Alan Laing, NSA’s Vulnerability Analysis Subject Matter Expert. “Government organizations and critical system owners need to enhance management of their device inventories to improve detection of sophisticated threats as part of comprehensive cybersecurity strategy integrating effective and scalable solutions to secure sensitive data, applications and services.”
 
As indicated in the CSI, the device pillar is a foundational component of the Zero Trust security framework. It ensures devices within an environment or attempting to connect to resources in such environment are located, enumerated, authenticated, and assessed. A device is only authorized access if it meets the environment’s security policies.
 
The device pillar is one of the seven pillars defined in the DoD Zero Trust Reference Architecture. The capabilities discussed in this CSI complement on the “Advancing Zero Trust Maturity Throughout the User Pillar” published on 14 March 2023. NSA advises progression of the capabilities in each of the seven pillars in the Zero Trust security framework should be seen as a cycle of continuous improvement based on evaluation and monitoring of threats.
 
The NSA Zero Trust security framework adheres to the President’s Executive Order of Improving the Nation’s Cybersecurity (EO 14028) and National Security Memorandum 8 (NSM-8), which direct Federal Civilian Executive Branch (FCEB) agencies and NSS owners and operators to develop and implement strategic plans to adopt a Zero Trust cybersecurity framework.
 
Read the full report here.
 
Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations
MediaRelations@nsa.gov
443-634-0721

Related Stories

Cybersecurity Speaker Series: Embracing a Zero Trust Mindset

Related Press Advisories

NSA Releases Recommendations for Maturing Identity, Credential, and Access Management in Zero Trust

Related Documents

CSI: Advancing Zero Trust Maturity Throughout the Device Pillar
Network Security cybersecurity NSA Zero Trust Device Pillar mfa PAM DIB DoD nss NSM-8
Hosted by Defense Media Activity - WEB.mil Veterans Crisis Line