Get Started Today!  (954) 834-2800

croom new

KB Technologies Blog

KB Technologies has been serving the Deerfield Beach area since 2002, providing IT Support such as technical helpdesk support, computer support, and consulting to small and medium-sized businesses.

NIST Rules of Zero Trust Security Policy

NIST Rules of Zero Trust Security Policy

In a zero trust network, you trust nobody, no matter how long they have been around or how invested they are in your organization’s future. Everyone’s identity on your network must be verified, a concept that has been quite helpful in limiting data breaches. Today, we are going to discuss the National Institute of Standards and Technology’s definition of zero trust and what they recommend to businesses wishing to implement it.

According to NIST, there are seven tenets found in their security standards.

How Does NIST Define Zero Trust?

Here is NIST’s definition of zero trust:

“Zero trust (ZT) provides a collection of concepts and ideas designed to minimize
uncertainty in enforcing accurate, least privilege per-request access decisions in
information systems and services in the face of a network viewed as compromised. Zero
trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust
concepts and encompasses component relationships, workflow planning, and access
policies. Therefore, a zero trust enterprise is the network infrastructure (physical and
virtual) and operational policies that are in place for an enterprise as a product of a zero
trust architecture plan.”

Zero trust, in essence, aims to make it as difficult as possible for a threat to infiltrate your network, but it also seeks to make it easier to figure out how the threat would get in.

NIST’s Seven Tenets, Reviewed

Let’s take a look at what these seven tenets are and what kind of policies your business should adopt to implement them.

“All data sources and computing services are considered resources.”

All devices that connect to your network should abide by your network’s security requirements and access controls.

“All communication is secured regardless of network location.”

Even if two devices on the same network are communicating with each other, they should share information in the same way they would if external networks were involved.

“Access to individual enterprise resources is granted on a per-session basis.”

It’s possible that some of your employees will only need temporary access to assets or files, so you should only grant them access on an as-needed basis to prevent unauthorized access.

“Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.”

This has grown increasingly more challenging as the amount of data collected by businesses has grown. If you use this data to your advantage, it can help to determine access permissions and increase security.

“The enterprise monitors and measures the integrity and security posture of all owned and associated assets.”

All assets need to be monitored at all times, including those owned by both the company and the employee. This keeps threats from making their way into your network and ensures that something like patch management doesn’t get swept under the rug.

“All resource authentication and authorization are dynamic and strictly enforced before access is allowed.”

Zero trust means that you are confirming access permissions even after the user has officially been confirmed and created in the system. It’s not a one-time thing; it happens continuously.

“The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.”

The architecture surrounding a zero trust policy consists of the policy engine, the policy administrator, and the policy enforcement point. These three components work together to collect all data needed to ensure that zero trust is actually upheld.

KB Technologies Managed IT can help your business work toward greater network security. To learn more about what we can do for your business, reach out to us at (954) 834-2800.

Tired Of Annoying Computer Problems That Keep Coming Back?

AI Security Can Work Wonders to Thwart Threats
What Threats You Need to Consider with Voice-Based...
 

Comments

No comments made yet. Be the first to submit a comment
Guest
Already Registered? Login Here
Guest
Thursday, November 07 2024

Captcha Image

Reach Out Today!

First Name *
Last Name
Email *
Company Name
Phone *
Comments

Mobile? Grab this Article!

QR-Code dieser Seite

Latest Blog

We’re all hooked on our devices. You likely wouldn’t think about driving an hour each way to retrieve your smartphone if you left it at home and would otherwise be without it for a couple of days. It’s not even an option to go that long without access to your phone nowadays....

Latest News

KB Technologies Managed IT is proud to announce the launch of our new website at http://www.kb-it.com. The goal of the new website is to make it easier for our existing clients to submit and manage support requests, and provide more information about our services for ...