Hi All,
The NSA just published CSI: Security Considerations for Edge Devices: Practitioner Guidance.
This publication is part of a series of complementary publications on cyber security measures and mitigations for edge devices: • Australian Signals Directorate's (ASD) Australian Cyber Security Centre (ACSC) • New Zealand's National Cyber Security Centre (NCSC-NZ) • United Kingdom's National Cyber Security Centre (NCSC-UK) • United States' (U.S.) Cybersecurity and Infrastructure Security Agency (CISA) • U.S. National Security Agency (NSA).
The following list of principle mitigation strategies is primarily focused on addressing the common issues with edge devices that are leading to successful exploitation against enterprise networks. The strategies are not prioritised in any sequential level of importance. The strategies compliment relevant Cyber Security Framework (CSF) controls where possible. Partnered nations are welcome to employ these mitigations or map these controls to a different equivalent CSF if compatible.
You can find these documents here https://www.nsa.gov/Press-Room/Cybersecurity-Advisories-Guidance/
------------------------------
Michael Roza CPA, CISA, CIA, CC, CCSKv5, CCZTv1, MBA, EMBA, CSA
------------------------------