"NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"

The National Security Agency (NSA) strongly recommends the adoption of a Zero Trust security model for all critical networks within National Security Systems, the Department of Defense's critical networks, and Defense Industrial Base critical networks and systems. NSA recently released a guide that includes examples of how the implementation of Zero Trust could have prevented some of the methods used by attackers to compromise at least nine federal agencies and a hundred companies in the SolarWinds supply chain attack. The attackers' focus on evading detection indicates that such tactics will continue to grow in use and complexity, calling for the consideration of Zero Trust principles. Using a Zero Trust approach, devices themselves would be validated in addition to passwords. Therefore, if an attacker uses a stolen password but the device is unknown, the device will fail authentication and authorization checks, thus resulting in the denial of access and the logging of the malicious activity. The agency also recommends the use of strong multi-factor authentication. This article continues to discuss NSA's recommendation to embrace the Zero Trust security model and how the implementation of this model can help organizations prevent sophisticated hacks. 

NextGov reports "NSA Pushes Zero Trust Principles to Help Prevent Sophisticated Hacks"