NSA Updates Zero-Trust Advice to Reduce Attack Surfaces

  /     /     /  
Publicated : 23/11/2024   Category : security

NSA Updates Zero-Trust Advice to Reduce Attack Surfaces


Agency encourages broader use of encryption, data-loss prevention, as well as data rights management to safeguard data, networks, and users.


The National Security Agency has published its latest guidance for organizations interested in moving toward a zero-trust cybersecurity framework, with a particular focus on stopping unauthorized access to data both in transit and in storage.
NSA recommendations include the use of encryption, tagging, labeling, data-loss prevention strategies, and data rights management tools. The NSA suggestions are intentionally aligned with
zero-trust frameworks
to help government agencies and enterprises defend against increasingly sophisticated cyberattacks.
Malicious cyber actors continuously increase their ability to infiltrate networks and gain access to sensitive data, Dave Luber, the NSAs director of cybersecurity, said in a statement about the latest round of
NSA zero-trust advisories
. Assuming that breaches will occur, implementing the pillars of the zero-trust framework is how we combat that activity.
This focus on what the NSA in its report calls the data pillar is the continuation of the agencys development of zero-trust best practices, begun when it first released
Embracing a Zero Trust Security Model
in February 2021.
Just last month, the NSA updated its
guidelines for implementing zero trust
, which drew a distinction between macro- and microsegmentation of networks. Macrosegmentation is intended for workgroups and departments; micro-segmentation separates traffic even further so that not all users have the same access rights — a bid to reduce an organizations attack surface.

Last News

▸ ArcSight prepares for future at user conference post HP acquisition. ◂
Discovered: 07/01/2025
Category: security
▸ Samsung Epic 4G: First To Use Media Hub ◂
Discovered: 07/01/2025
Category: security
▸ Many third-party software fails security tests ◂
Discovered: 07/01/2025
Category: security


Cyber Security Categories
Google Dorks Database
 		Exploits Vulnerability
 		Exploit Shellcodes

CVE List
 		Tools/Apps
 		News/Aarticles

Phishing Database
 		Deepfake Detection
 		Trends/Statistics & Live Infos



Tags:
NSA Updates Zero-Trust Advice to Reduce Attack Surfaces