The National Security Agency has released guidance on the zero-trust security model with recommendations to implement zero trust within networks. The zero-trust security model is a coordinated system strategy that assumes breaches are inevitable or have already occurred.
Five guidelines for implementing the zero-trust model:
- The zero-trust system relies on network users to never trust any user, device or application and to always verify authenticity.
- Users should assume that the adversary already has a presence in the network.
- Apply security policies across all domains (mobile, LAN, WAN, etc.).
- Embrace multi-factor authentication for users to make stealing credentials more difficult.
- Incorporate zero-trust architecture incrementally in a strategic plan to avoid increased vulnerabilities during the transition.
To see the full list of guidelines, click here.