[Info-vax] US Gov't "Zero Trust" Security Requirements
Simon Clubley
clubley at remove_me.eisner.decus.org-Earth.UFP
Tue Sep 20 14:25:02 EDT 2022
On 2022-09-19, Kerry Main <kemain.nospam at gmail.com> wrote:
>
> Nice post .. ZTA illustrates transformation from relying on network perimeters (e.g. local firewalls) to enterprise App/DB and IDM (identity management) architectures.
>
> More detailed whitepaper architecture pointer in the link above:
><https://dodcio.defense.gov/Portals/0/Documents/Library/(U)ZT_RA_v1.1(U)_Mar21.pdf>
>
I looked briefly at this document and it appears that VMS would fall
down hard when judged by the standards of section 2.1.1, which makes
it clear that systems in a zero trust environment have to operate in
what is assumed to be an actively hostile environment internally, and
not just protect against some external nebulous threats from the outside
world.
Some people around here argue that VMS doesn't really need to be kept
to the same security standards as everything else "because it's run in
an isolated and controlled environment". For anyone new around here,
I disagree strongly with that statement.
How do you see it as being viable to run VMS in such an actively hostile
environment ?
Simon.
--
Simon Clubley, clubley at remove_me.eisner.decus.org-Earth.UFP
Walking destinations on a map are further away than they appear.
More information about the Info-vax
mailing list