An official website of the United States government
Here's how you know
A .gov website belongs to an official government organization in the United States.
A lock (lock ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Press Release | May 22, 2024

NSA Releases Guidance on Zero Trust Maturity Throughout the Application and Workload Pillar

FORT MEADE, Md. – The National Security Agency (NSA) is releasing the Cybersecurity Information Sheet (CSI), “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar,” to help organizations secure applications from unauthorized users and ensure continuous visibility of the workload at any given time.
This CSI provides recommendations for achieving progressive levels of application and workload capabilities under the “never trust, always verify” Zero Trust (ZT) paradigm. It discusses how these capabilities integrate into a comprehensive ZT framework. ZT implementation efforts are intended to continually mature cybersecurity protections, responses, and operations over time.
“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, NSA’s Director of Cybersecurity. “Implementing a Zero Trust framework places cybersecurity practitioners in a better position to secure sensitive data, applications, assets, and services.”

According to the CSI, applications and workloads are mutually dependent. Applications include any computer programs and services that execute in on premise and cloud environments. While applications are the individual tools that serve business needs, workloads can be standalone solutions or tightly coupled groups of processing components performing mission functions.
The application and workload pillar – one of seven in a Zero Trust architecture – depends on the following capabilities: application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and ongoing authorizations.
NSA is assisting DoD customers in piloting Zero Trust systems and is developing additional Zero Trust guidance for incorporating Zero Trust principles and designs into enterprise networks.

This guidance expands on NSA’s previously released CSIs on Zero Trust, including the following:

Read the full report here.

Visit our full library for more cybersecurity information and technical guidance.

NSA Media Relations