NIST SP 800-207A Acknowledges the Critical Role of Network Traffic in ZTA Success
Published 10/20/2023
Originally published by Gigamon.
Written by Orlie Yaniv and Ian Farquha.
With the September 2023 publication of NIST 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments, NIST has laid out its guidance for developing a Zero Trust Architecture (ZTA) that can be deployed in multi-cloud and hybrid environments, an architectural approach that Gigamon believes will be the default for larger enterprises across government and industry. At a high level, this publication focuses on shifting security thinking away from location-based approaches to one that dynamically establishes trust in the identity of users and services as they seek to access data and business functions across complex environments.
Achieving this outcome will require “a comprehensive set of policies that span all critical entities and resources in the application stack, including the network, network devices, users, and services.”1 Explicit in this guidance is the assumption that an attacker is already in the environment and the organization must monitor and validate everything.2 As Gigamon stated during the public comment period, “everything” needs to include the supporting infrastructures, even those supplied by the Cloud Service Providers, and the management interfaces as they will be targeted and potentially compromised.
The final version of NIST SP 800-207A recognizes and mitigates this risk with the addition of Section 5 Support for Multi-tier Policies Through a Monitoring Framework. While not in the table of contents, this section begins on page 20 and describes the requirements for a monitoring framework in the context of cloud-native applications. Particularly critical is the following recommendation:
MON-DATA-USE-1: Access enforcement in the context of identity-tier policies in ZTA should be based on access decisions that rely on assigned permissions as well as the contextual information about each connection or access request. A key piece of contextual information is the behavioral data associated with the user and/or devices from which the request originates. This behavioral data can only be generated from the visibility information on network traffic flows, which help verify that the users and resources are behaving in a way that is consistent with their roles and are, therefore trustworthy.
Related Articles:
The Service Accounts Guide Part 1: Origin, Types, Pitfalls and Fixes
Published: 12/10/2024
Systems Analysis for Zero Trust: Understand How Your System Operates
Published: 12/05/2024
Evolutionary vs. Revolutionary Growth: Striking a Balance at Sunbelt Rentals
Published: 12/05/2024
What 2024’s SaaS Breaches Mean for 2025 Cybersecurity
Published: 12/03/2024