Hi All,
The NSA just published Advancing Zero Trust Maturity Throughout the Device Pillar.
This cybersecurity information sheet (CSI) focuses on the device pillar and includes recommendations for reaching increasing maturity levels of device pillar capabilities.
Having the ability to identify, authenticate, inventory, authorize, isolate, secure, remediate, and control all devices is essential in a ZT approach. Understanding the health and status of devices informs risk decisions, with real-time compliance inspections, continuous risk assessments, and automated remediation informing every access request.
In addition to the more common high-level threats to operating systems and application software, ZT capabilities must defend systems from persistent and hard-to-detect threats against devices. Past examples of low-level, persistent threats include:
LoJax boot rootkit
MosaicRegressor firmware implant
UEFI Secure Boot bypasses such as BootHole and BlackLotus
Side channel vulnerabilities such as Spectre, Meltdown, Fallout, ZombieLoad, NetSpectre, Downfall, and Inception
SSD over-provisioning malware
This ZT device pillar CSI prescribes mechanisms to shield devices from low-level, persistent threats over their entire lifecycle. A ZT mindset means never assuming that devices within an established environment are secure, or that actors cannot hide from OS- and application-level defenses by delving into hardware and firmware. Implementing mature ZT device pillar capabilities enables organizations to assess devices and respond to risks to critical resources in the environment.
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA, CSA Research Fe
------------------------------
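As an added illustration of the device pillar flow described above (identify, inventory, check low-level integrity, inspect compliance, remediate, then authorize), here is a small posture-based access decision in Python. It is not from the NSA CSI or any product; the device inventory, firmware measurement strings, and action names are constructed for the example.

```python
from dataclasses import dataclass

# Constructed inventory: device id -> expected (known-good) firmware measurement.
# Real deployments would source this from attestation / enrollment records.
KNOWN_DEVICES = {
    "laptop-0042": "fw-meas-A",
    "laptop-0077": "fw-meas-B",
}
MAX_INSPECTION_AGE = 15 * 60  # seconds; older posture data must be refreshed


@dataclass
class Posture:
    device_id: str
    secure_boot: bool          # reported UEFI Secure Boot state
    firmware_measurement: str  # measured firmware, compared against inventory
    compliant: bool            # result of the latest compliance inspection
    inspected_at: int          # epoch seconds when that inspection ran


def decide(p: Posture, now: int):
    """Evaluate one access request; return (decision, remediation_actions).

    Each check assumes nothing about the device's trustworthiness: an
    established device that fails a low-level integrity check is isolated,
    not merely logged.
    """
    # 1. Identify / inventory: a device not in the inventory is never trusted.
    if p.device_id not in KNOWN_DEVICES:
        return "deny", ["enroll-or-block"]
    # 2. Low-level integrity: Secure Boot must be on and firmware must match
    #    the known-good measurement (defends against boot/firmware implants).
    if not p.secure_boot or p.firmware_measurement != KNOWN_DEVICES[p.device_id]:
        return "isolate", ["quarantine-network", "reimage-firmware"]
    # 3. Freshness: stale inspection data cannot inform a real-time decision.
    if now - p.inspected_at > MAX_INSPECTION_AGE:
        return "step-up", ["rerun-compliance-inspection"]
    # 4. Compliance findings trigger automated remediation with limited access.
    if not p.compliant:
        return "limited", ["apply-patches"]
    return "allow", []


if __name__ == "__main__":
    now = 1_700_000_000
    print(decide(Posture("laptop-0042", True, "fw-meas-A", True, now), now))
    print(decide(Posture("laptop-0042", False, "fw-meas-A", True, now), now))
```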