Thanks Michael. No surprises there, then. Please note all, the following definition from the NSA Embracing a ZT Security Model paper. (This was my starting point for auth credentials and certificates for internet connected devices, applications and people).
"Zero Trust is a security model, a set of system design principles, and a coordinated cybersecurity and system management strategy based on an acknowledgement that threats exist both inside and outside traditional network boundaries."
Best Regards
Nya
------------------------------
Nya Murray
Director
Trac-Car
------------------------------
Original Message:
Sent: Mar 14, 2023 01:36:03 PM
From: Michael Roza
Subject: NSA Advancing Zero Trust Maturity Throughout the User Pillar
Hi All,
NSA just published Advancing Zero Trust Maturity Throughout the User Pillar
According to the 2020 Verizon Data Breach Investigations Report, "at least two-thirds of cyberattacks are now focused on impersonating trusted users and systems to access vital data or critical systems." [1] Such cyber incidents are on the rise, creating economic disruption and impacting national security.
This cybersecurity information sheet (CSI) provides recommendations for maturing identity, credential and access management (ICAM) capabilities to effectively mitigate such cyberattacks. It further discusses how these capabilities integrate into a comprehensive Zero Trust (ZT) framework, as described in "Embracing a Zero Trust Security Model". [2] National Security System owners and operators should take concrete steps to mature identity and access security controls and the operational practices related to establishing digital identities and authenticating and authorizing users to access critical resources. Doing so will provide system owners and operators the ability to identify, resist, and respond to many cyber intrusion techniques.
@Daniele Catteddu
@Anna Schorr
@Chandler Curran
@Erik Johnson
------------------------------
Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
------------------------------