In the News: 6 CISO Takeaways From the NSA’s Zero-Trust Guidance
Published originally on March 15, 2024 on Dark Reading.


The reality of cybersecurity for companies is that adversaries compromise systems and networks all the time, and even well-managed breach-prevention programs often have to deal with attackers inside their perimeters.

On March 5, the National Security Agency continued its best-practice recommendations to federal agencies, publishing its latest Cybersecurity Information Sheet (CIS) on the Network and Environment pillar of its zero-trust framework. The NSA document recommends that organizations segment their networks to keep unauthorized users from accessing sensitive information. That’s because strong cybersecurity measures can stop compromises from turning into full-blown breaches by limiting all users’ access to areas of the network in which they have no legitimate role.


Here are six takeaways from the NSA guidance.

1. Learn All Seven Pillars of Zero Trust

The latest document from the National Security Agency dives into the fifth of the seven pillars of zero trust: the network and environment. Yet the other six pillars are equally important and show “how wide-ranging and transformational a zero-trust strategy has to be to be successful,” says Ashley Leonard, CEO at Syxsense, an automated endpoint and vulnerability management firm.

“For companies looking to get started with zero trust, I’d highly encourage them to review the NSA information sheets on the user and device pillars — the first and second pillars of zero trust, respectively,” he says. “If a company is just getting started, looking at this networking and environment pillar is a bit like putting the cart before the horse.”

Read the full article on Dark Reading.