NIST 800-207 - Zero Trust model

Zero Trust security is an IT security model, developed by a Forrester analyst, that requires strict identity verification for every person and device trying to access resources on a private network, regardless of whether they are sitting within or outside of the network perimeter. It is a holistic approach to network security that incorporates several different principles and technologies. 

 

Forrester recommends organizations address each of these focus areas to build the best Zero Trust security strategy.

  • Zero Trust Data

  • Zero Trust Networks

  • Zero Trust People

  • Zero Trust Workloads

  • Zero Trust Devices

The main principles behind Zero Trust are:  

Principle of least privilege - Limiting access rights for users, accounts, and computing processes to only those needed. 

 

Multi-factor authentication - Requiring more than one piece of evidence to authenticate a user.

 

Micro-segmentation - Breaking up security perimeters into small zones to maintain separate access to separate parts of the network. 

 

Access control & monitor – Strict controls on physical device access.

 

Implementing Zero Trust relies on these six tenets:

  • Don't trust, verify

  • Contextualize requests

  • Secure your admin environment

  • Least privilege 

  • Audit everything

  • Use adaptive controls

CyGov delivers streamlined, automated data collection and analysis, prioritized remediation guidance and real-time customized scoring to meet the Zero Trust requirements. CyGov has mapped Zero Trust back to its control inventory allowing to share data across multiple frameworks through the platform, which creates time savings, money savings and more accurate data. Through the CyGov platform organizations can gain full visibility to their cyber risk levels and compliance.

Background footer new.png

Follow Us

Group 9703@2x.png
Group 9705@2x.png

© 2020 by CyGov Tech