NIST SP 800-207A Acknowledges the Critical Role of Network Traffic in ZTA Success
Blog Article Published: 10/20/2023
Originally published by Gigamon.
Written by Orlie Yaniv and Ian Farquha.
With the September 2023 publication of NIST 800-207A, A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments, NIST has laid out its guidance for developing a Zero Trust Architecture (ZTA) that can be deployed in multi-cloud and hybrid environments, an architectural approach that Gigamon believes will be the default for larger enterprises across government and industry. At a high level, this publication focuses on shifting security thinking away from location-based approaches to one that dynamically establishes trust in the identity of users and services as they seek to access data and business functions across complex environments.
Achieving this outcome will require “a comprehensive set of policies that span all critical entities and resources in the application stack, including the network, network devices, users, and services.”1 Explicit in this guidance is the assumption that an attacker is already in the environment and the organization must monitor and validate everything.2 As Gigamon stated during the public comment period, “everything” needs to include the supporting infrastructures, even those supplied by the Cloud Service Providers, and the management interfaces as they will be targeted and potentially compromised.
The final version of NIST SP 800-207A recognizes and mitigates this risk with the addition of Section 5 Support for Multi-tier Policies Through a Monitoring Framework. While not in the table of contents, this section begins on page 20 and describes the requirements for a monitoring framework in the context of cloud-native applications. Particularly critical is the following recommendation:
MON-DATA-USE-1: Access enforcement in the context of identity-tier policies in ZTA should be based on access decisions that rely on assigned permissions as well as the contextual information about each connection or access request. A key piece of contextual information is the behavioral data associated with the user and/or devices from which the request originates. This behavioral data can only be generated from the visibility information on network traffic flows, which help verify that the users and resources are behaving in a way that is consistent with their roles and are, therefore trustworthy.
Trending This Week
#1 What You Need to Know About the Diaxin Team Ransomware Group
#2 How ChatGPT Can Be Used in Cybersecurity
#3 Mitigating Security Risks in Retrieval Augmented Generation (RAG) LLM Applications
#4 The 6 Phases of Data Security
#5 Roadmap to Earning Your Certificate in Cloud Security Knowledge (CCSK)
Sign up to receive CSA's latest blogs
This list receives 1-2 emails a month.