[Info-vax] US Gov't "Zero Trust" Security Requirements
Kerry Main
kemain.nospam at gmail.com
Mon Sep 19 10:44:10 EDT 2022
> -----Original Message-----
> From: Info-vax <info-vax-bounces at rbnsn.com> On Behalf Of Stephen
> Hoffman via Info-vax
> Sent: September-08-22 8:28 PM
> To: info-vax at rbnsn.com
> Cc: Stephen Hoffman <seaohveh at hoffmanlabs.invalid>
> Subject: [Info-vax] US Gov't "Zero Trust" Security Requirements
>
>
> Requirements from the US Government:
>
> "This memorandum sets forth a Federal zero trust architecture (ZTA)
> strategy, requiring agencies to meet specific cybersecurity standards and
> objectives by the end of Fiscal Year (FY) 2024 in order to reinforce the
> Government’s defenses against increasingly sophisticated and persistent
> threat campaigns. Those campaigns target Federal technology infrastructure,
> threatening public safety and privacy, damaging the American economy, and
> weakening trust in Government."
>
> https://www.whitehouse.gov/wp-content/uploads/2022/01/M-22-09.pdf
> (from 26-Jan-2022)
>
> This work parallels the BeyondCorp security design that has been posted
> around here once or twice before.
>
>
Nice post. ZTA illustrates the transformation from relying on network perimeters (e.g. local firewalls) to enterprise App/DB and IDM (identity management) architectures.
More detailed whitepaper architecture pointer in the link above:
<https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf>
Another related whitepaper from Fortigate (security vendor) on this topic:
<https://www.fortinet.com/blog/ciso-collective/whats-the-difference-between-zero-trust-zta-ztna>
Key extract that is interesting - "Instead, it focuses on evaluating trust on a per-transaction basis." (TLS 1.* is per-session security.)
Regards,
Kerry Main
Kerry dot main at starkgaming dot com