
ZERO TRUST

A security model that grants no implicit trust on the basis of network location or asset ownership: every user, device, and application requesting access to a resource is authenticated and authorized, and that decision is re-evaluated continuously rather than once at the perimeter. It emphasizes continuous monitoring, least-privilege access, and strict identity verification to limit what an attacker can reach, whether they start inside or outside the network.

Controls:

"Visibility and Accountability Trust" ensures that all activity in the environment is monitored and logged, so that every access decision can be traced back to an identity, a device, and a policy. That record is what lets an organization detect anomalies, investigate and respond to incidents, and verify that the other Zero Trust controls are actually being enforced.

  • Visibility & Analytics [ID.GV1]

    Implement comprehensive visibility and analytics to monitor user and system activities.

  • Visibility & Analytics [ID.GV2]

    Enhance threat detection capabilities through advanced analytics and machine learning.

  • Visibility & Analytics [ID.GV3]

    Establish user behavior analytics (UBA) to monitor and assess user actions.

  • Visibility & Analytics [ID.GV4]

    Implement real-time monitoring and alerting systems for security events.

  • Visibility & Analytics [ID.GV5]

    Utilize forensic analysis tools to investigate security incidents post-event.

  • Visibility & Analytics [ID.GV6]

    Establish automated reporting mechanisms for security metrics and compliance status.

  • Visibility & Analytics [ID.GV7]

    Integrate threat intelligence feeds to enhance visibility and contextual awareness.

  • Visibility & Analytics [ID.GV8]

    Implement user and entity behavior analytics (UEBA) for improved anomaly detection.

  • Automation & Orchestration [AO1]

    Automate incident response workflows to enhance efficiency and reduce response times.

  • Automation & Orchestration [AO2]

    Integrate security tools for automated threat detection and response.

  • Automation & Orchestration [AO3]

    Establish automated compliance monitoring and reporting systems.

  • Automation & Orchestration [AO4]

    Automate the collection and analysis of security logs and events.

  • Automation & Orchestration [AO5]

    Implement automated threat intelligence sharing between systems.

  • Automation & Orchestration [AO6]

    Automate remediation actions based on predefined incident response playbooks.

  • Automation & Orchestration [AO7]

    Implement automated user access reviews and entitlement management.

  • Automation & Orchestration [AO8]

    Automate reporting and alerting for security incidents and anomalies.
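The UBA/UEBA and real-time alerting items above (ID.GV3, ID.GV4, ID.GV8) and the automated log analysis item (AO4) describe what such monitoring should catch without showing what the detection logic looks like. The following is an added example, not code from the page or from any framework it describes: a small detector replayed over constructed authentication events that flags the two failure patterns a zero-trust visibility layer most often needs to surface, a brute-force run against one account and a password spray from one source across many accounts. The event fields, thresholds, and five-minute window are assumptions chosen for the demo.

```python
"""Added example: sliding-window detection of brute force and password
spraying over constructed authentication events (not real logs)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample events, ISO-8601 UTC timestamps. Not taken from any real system.
SAMPLE_EVENTS = [
    {"ts": "2024-05-01T09:00:00", "user": "alice", "src": "10.0.0.5", "result": "success"},
    # dave: failures spread 10 minutes apart, never 5 inside one window -> no alert
    {"ts": "2024-05-01T09:00:00", "user": "dave", "src": "10.0.0.7", "result": "failure"},
    {"ts": "2024-05-01T09:10:00", "user": "dave", "src": "10.0.0.7", "result": "failure"},
    {"ts": "2024-05-01T09:20:00", "user": "dave", "src": "10.0.0.7", "result": "failure"},
    {"ts": "2024-05-01T09:30:00", "user": "dave", "src": "10.0.0.7", "result": "failure"},
    {"ts": "2024-05-01T09:40:00", "user": "dave", "src": "10.0.0.7", "result": "failure"},
    # bob: five failures from one source inside 50 seconds -> brute force
    {"ts": "2024-05-01T09:00:10", "user": "bob", "src": "203.0.113.7", "result": "failure"},
    {"ts": "2024-05-01T09:00:20", "user": "bob", "src": "203.0.113.7", "result": "failure"},
    {"ts": "2024-05-01T09:00:30", "user": "bob", "src": "203.0.113.7", "result": "failure"},
    {"ts": "2024-05-01T09:00:40", "user": "bob", "src": "203.0.113.7", "result": "failure"},
    {"ts": "2024-05-01T09:00:50", "user": "bob", "src": "203.0.113.7", "result": "failure"},
    # one source, one failure each against five distinct accounts -> password spray
    {"ts": "2024-05-01T09:02:00", "user": "alice", "src": "198.51.100.9", "result": "failure"},
    {"ts": "2024-05-01T09:02:10", "user": "carol", "src": "198.51.100.9", "result": "failure"},
    {"ts": "2024-05-01T09:02:20", "user": "erin", "src": "198.51.100.9", "result": "failure"},
    {"ts": "2024-05-01T09:02:30", "user": "frank", "src": "198.51.100.9", "result": "failure"},
    {"ts": "2024-05-01T09:02:40", "user": "grace", "src": "198.51.100.9", "result": "failure"},
    # carol: one typo then success -> benign
    {"ts": "2024-05-01T09:03:00", "user": "carol", "src": "10.0.0.6", "result": "failure"},
    {"ts": "2024-05-01T09:03:05", "user": "carol", "src": "10.0.0.6", "result": "success"},
]


def _ts(event):
    return datetime.fromisoformat(event["ts"])


def detect(events, window=timedelta(minutes=5), brute_threshold=5, spray_threshold=5):
    """Replay events in time order; return alerts in the order they fire.

    Each pattern fires at most once per (account, source) or per source, so a
    long-running attack does not flood the alert queue.
    """
    alerts, fired = [], set()
    failures_by_account = defaultdict(deque)  # (user, src) -> recent failure times
    accounts_by_source = defaultdict(dict)    # src -> {user: last failure time}

    for event in sorted(events, key=_ts):
        if event["result"] != "failure":
            continue
        now = _ts(event)
        user, src = event["user"], event["src"]

        # Brute force: repeated failures on one account from one source.
        recent = failures_by_account[(user, src)]
        recent.append(now)
        while now - recent[0] > window:      # drop failures outside the window
            recent.popleft()
        if len(recent) >= brute_threshold and ("brute_force", user, src) not in fired:
            fired.add(("brute_force", user, src))
            alerts.append({"type": "brute_force", "user": user, "src": src,
                           "ts": event["ts"], "count": len(recent)})

        # Password spray: one source touching many distinct accounts, few tries each.
        touched = accounts_by_source[src]
        touched[user] = now
        for stale in [u for u, t in touched.items() if now - t > window]:
            del touched[stale]
        if len(touched) >= spray_threshold and ("password_spray", src) not in fired:
            fired.add(("password_spray", src))
            alerts.append({"type": "password_spray", "src": src,
                           "ts": event["ts"], "users": len(touched)})
    return alerts


if __name__ == "__main__":
    for alert in detect(SAMPLE_EVENTS):
        print(alert)
```

Replaying the constructed events produces exactly two alerts: the brute force against bob fires on the fifth failure, and the spray from 198.51.100.9 fires when the fifth distinct account is touched. dave's failures never trigger because they never fall inside one window, which is why the window is part of the rule rather than a raw count; in production the thresholds should be tuned per source population and the alert should be wired into the AO6-style playbook (lock the account, block the source, or force step-up) rather than only written to a dashboard.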

"System to System Trust" secures interactions between systems by requiring that each side authenticate the other and that every request be authorized, so that only trusted systems can exchange data and communications are protected in transit. This limits how far an adversary who has compromised one system can move laterally, and reduces the attack surface within a Zero Trust framework.

  • Networks [NE1]

    Implement segmentation and micro-segmentation of networks to limit lateral movement of threats.

  • Networks [NE2]

    Establish secure network communication protocols to protect data in transit.

  • Networks [NE3]

    Monitor and log network traffic to detect and respond to anomalies.

  • Networks [NE4]

    Implement network access controls based on device health and security posture.

  • Networks [NE5]

    Implement secure remote access solutions for users and devices.

  • Infrastructure [IN1]

    Secure critical infrastructure components against unauthorized access and threats.

  • Infrastructure [IN2]

    Implement continuous monitoring of infrastructure for security events and anomalies.

  • Infrastructure [IN3]

    Enforce micro-segmentation within the infrastructure to limit access and control traffic flows.

  • Infrastructure [IN4]

    Implement strong authentication mechanisms for all infrastructure components.

  • Infrastructure [IN5]

    Establish regular patch management and update processes for infrastructure components.

"Data Protection Trust" safeguards sensitive data through strict access controls, encryption, and continuous monitoring. It ensures that data is only accessible to authorized users and systems, maintaining integrity and confidentiality in a Zero Trust framework to mitigate risks of unauthorized access and data breaches.

  • Data [DA1]

    Implement data classification and labeling to manage sensitive information effectively.

  • Data [DA2]

    Implement data encryption for sensitive information both at rest and in transit.

  • Data [DA3]

    Enforce access controls based on data sensitivity and user roles.

  • Data [DA4]

    Implement data loss prevention (DLP) measures to monitor and protect sensitive information.

  • Data [DA5]

    Implement data retention and disposal policies to manage sensitive information lifecycle.

"System Users Trust" focuses on establishing and maintaining trust for users and devices within the system. It ensures that only authorized users and trusted devices can access resources, enforcing continuous verification and adherence to security policies in a Zero Trust environment.

  • Endpoint System Trust [EN1]

    Establish endpoint device trust by assessing the security posture of devices before granting access.

  • Endpoint System Trust [EN2]

    Use device health checks to ensure endpoint security compliance.

  • Endpoint System Trust [EN3]

    Implement endpoint encryption to protect data on devices from unauthorized access.

  • Endpoint System Trust [EN4]

    Control application access on endpoints to ensure only authorized applications are allowed to run.

  • Endpoint System Trust [EN5]

    Implement multi-factor authentication (MFA) for accessing endpoint devices and applications.

  • Endpoint System Trust [EN6]

    Conduct regular vulnerability assessments on endpoint devices to identify and remediate security weaknesses.

  • Endpoint System Trust [EN7]

    Implement endpoint detection and response (EDR) solutions to monitor and respond to threats in real time.

  • Application & Workload [AW1]

    Implement secure coding practices to protect applications from vulnerabilities.

  • Application & Workload [AW2]

    Implement role-based access control (RBAC) for applications and workloads to ensure least privilege access.

  • Application & Workload [AW3]

    Conduct regular security assessments of applications and workloads to identify vulnerabilities.

  • Application & Workload [AW4]

    Ensure continuous monitoring of application performance and security to detect anomalies.

  • Application & Workload [AW5]

    Implement application-layer security controls such as web application firewalls (WAF) and intrusion detection systems (IDS) to protect workloads.

  • Application & Workload [AW6]

    Enforce data protection measures for sensitive information within applications and workloads.

  • Application & Workload [AW7]

    Conduct application lifecycle management to ensure security throughout development and deployment.

  • Application & Workload [AW8]

    Implement logging and monitoring for applications to detect and respond to security incidents.

  • Application & Workload [AW9]

    Apply security patches and updates promptly to all applications and workloads.

  • Application & Workload [AW10]

    Implement secure APIs to ensure safe communication between applications and services.

"Authenticate & Verify Trust" ensures that all users, devices, and systems are continuously authenticated and verified before being granted access to resources. This control minimizes risk by enforcing strict identity verification, enabling a proactive approach to security within a Zero Trust framework.

  • Identities [ID1]

    Authenticate and verify user identities to ensure only authorized users gain access to systems and data.

  • Identities [ID2]

    Use dynamic identity verification methods that adapt based on context and risk levels.

  • Identities [ID3]

    Implement continuous identity monitoring to detect anomalies in user activities.

  • Identities [ID4]

    Establish identity lifecycle management to oversee identities from creation to deletion.

  • Identities [ID5]

    Implement privileged access management (PAM) to control and monitor privileged accounts and actions.

  • Identities [ID6]

    Enforce strong password policies to ensure robust password creation and management.

  • Identities [ID7]

    Utilize single sign-on (SSO) to centralize authentication and streamline user access; because SSO concentrates trust in the identity provider, that provider must itself enforce MFA and be monitored closely.

  • Identities [ID8]

    Monitor and log authentication attempts to track successes and failures.

  • Identities [ID9]

    Implement user education programs on security best practices related to identity management.
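Several items in this page describe inputs to one decision: dynamic, risk-adaptive verification (ID2), continuous identity monitoring (ID3), privileged access controls (ID5), network access gated on device health (NE4), endpoint posture checks before access (EN1, EN2), and access based on data sensitivity and role (DA3). The following is an added example, not code from the page or from any product it describes: a minimal policy decision point that evaluates each request against identity, device posture, resource sensitivity, and context and returns ALLOW, STEP_UP (re-authenticate or satisfy MFA), or DENY with the reasons. The sensitivity tiers, re-authentication windows, patch-age threshold, and sample principals are assumptions made for the demo.

```python
"""Added example: a zero-trust policy decision point over constructed inputs.
Tiers, windows and thresholds are illustrative assumptions, not a standard."""
from dataclasses import dataclass, replace
from datetime import timedelta

SENSITIVITY_RANK = {"public": 0, "internal": 1, "confidential": 2, "restricted": 3}
# Maximum age of the last credential verification before the session must re-verify.
REAUTH_WINDOW = {
    "public": timedelta(hours=24), "internal": timedelta(hours=12),
    "confidential": timedelta(hours=1), "restricted": timedelta(minutes=15),
}
PRIVILEGED_FRESHNESS = timedelta(minutes=15)  # assumed bound for privileged actions
MAX_PATCH_AGE_DAYS = 30                        # assumed posture threshold


@dataclass(frozen=True)
class Identity:
    user: str
    roles: frozenset
    mfa: bool                # MFA satisfied in the current session
    auth_age: timedelta      # time since the last credential verification


@dataclass(frozen=True)
class Device:
    managed: bool
    disk_encrypted: bool
    edr_healthy: bool
    days_since_patch: int


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str
    allowed_roles: frozenset


@dataclass(frozen=True)
class Context:
    src_ip_known: bool
    privileged_action: bool = False


@dataclass(frozen=True)
class Decision:
    verdict: str             # "ALLOW", "STEP_UP" or "DENY"
    reasons: tuple


def posture_problems(device, sensitivity):
    """Device requirements scale with the sensitivity of the requested resource."""
    rank = SENSITIVITY_RANK[sensitivity]
    problems = []
    if rank >= 1 and not device.managed:
        problems.append("device is not managed")
    if rank >= 2:
        if not device.disk_encrypted:
            problems.append("disk is not encrypted")
        if not device.edr_healthy:
            problems.append("EDR agent is not healthy")
        if device.days_since_patch > MAX_PATCH_AGE_DAYS:
            problems.append(f"patch age {device.days_since_patch}d exceeds {MAX_PATCH_AGE_DAYS}d")
    return problems


def decide(identity, device, resource, ctx):
    """Hard failures deny outright; soft failures ask the user to re-verify."""
    deny, step_up = [], []
    rank = SENSITIVITY_RANK[resource.sensitivity]
    if not (identity.roles & resource.allowed_roles):           # DA3 / least privilege
        deny.append(f"no role of {identity.user} is permitted on {resource.name}")
    deny.extend(posture_problems(device, resource.sensitivity))  # NE4 / EN1 / EN2
    if (rank >= 1 or ctx.privileged_action) and not identity.mfa:
        step_up.append("MFA required")
    if identity.auth_age > REAUTH_WINDOW[resource.sensitivity]:  # continuous verification
        step_up.append("authentication too old for this sensitivity; re-verify")
    if ctx.privileged_action and identity.auth_age > PRIVILEGED_FRESHNESS:  # ID5
        step_up.append("privileged action requires fresh authentication")
    if not ctx.src_ip_known and rank >= 2 and identity.auth_age > PRIVILEGED_FRESHNESS:
        step_up.append("unfamiliar source address; re-verify")   # ID2 risk-adaptive
    if deny:
        return Decision("DENY", tuple(deny))
    if step_up:
        return Decision("STEP_UP", tuple(step_up))
    return Decision("ALLOW", ("all checks passed",))


# Constructed sample principals, devices and resources (not real data).
ALICE = Identity("alice", frozenset({"engineer"}), mfa=True, auth_age=timedelta(minutes=10))
BOB = Identity("bob", frozenset({"intern"}), mfa=True, auth_age=timedelta(minutes=10))
HEALTHY_LAPTOP = Device(managed=True, disk_encrypted=True, edr_healthy=True, days_since_patch=7)
HOME_PC = Device(managed=False, disk_encrypted=False, edr_healthy=False, days_since_patch=200)
SOURCE_REPO = Resource("source-repo", "confidential", frozenset({"engineer"}))
WIKI = Resource("wiki", "internal", frozenset({"engineer", "intern"}))
PUBLIC_DOCS = Resource("public-docs", "public", frozenset({"engineer", "intern"}))
OFFICE = Context(src_ip_known=True)


def demo():
    """Evaluate a handful of requests; returns {scenario: verdict}."""
    cases = {
        "engineer, healthy laptop, repo": (ALICE, HEALTHY_LAPTOP, SOURCE_REPO, OFFICE),
        "engineer, EDR down, repo": (ALICE, replace(HEALTHY_LAPTOP, edr_healthy=False), SOURCE_REPO, OFFICE),
        "engineer, stale session, repo": (replace(ALICE, auth_age=timedelta(hours=2)), HEALTHY_LAPTOP, SOURCE_REPO, OFFICE),
        "intern, healthy laptop, repo": (BOB, HEALTHY_LAPTOP, SOURCE_REPO, OFFICE),
        "engineer without MFA, wiki": (replace(ALICE, mfa=False), HEALTHY_LAPTOP, WIKI, OFFICE),
        "engineer, home PC, public docs": (ALICE, HOME_PC, PUBLIC_DOCS, Context(src_ip_known=False)),
        "engineer, privileged action, unknown IP": (replace(ALICE, auth_age=timedelta(minutes=30)), HEALTHY_LAPTOP, SOURCE_REPO, Context(src_ip_known=False, privileged_action=True)),
    }
    return {name: decide(*args).verdict for name, args in cases.items()}


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{verdict:8} {name}")
```

The point of the layering is that a valid credential is never sufficient on its own: the same engineer is allowed, asked to step up, or denied depending on the device she is on, how long ago she last proved her identity, and what she is asking for. Posture failures are hard denies because no amount of re-authentication fixes an unhealthy endpoint, whereas stale sessions and missing MFA are recoverable in-band. In a real deployment the device facts would come from an MDM or EDR attestation and the identity facts from the identity provider's token, and the decision would be re-run on every request, not cached for the life of a session.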