Zero Trust Resource Hub

The latest in guidance, architectures, and more from industry leaders.

With the help of cybersecurity organizations and experts, this online center showcases the most important, curated Zero Trust publications and resources in the industry.

Neutral Solution Provider

A resource is classified as vendor neutral when it does not pertain to any particular vendor product or service.

Single Solution Provider

A resource is classified as vendor-specific when it refers or pertains specifically to a single vendor's product or service.

Multiple Solution Provider

A resource is classified as multi-vendor or multi-provider when it is developed by multiple vendors and refers specifically to their products or services.

eBay partnered with Illumio to implement Zero Trust Segmentation (ZTS) across its extensive network of 3,000 servers and 350 applications. By leveraging Illumio’s automation and visibility, eBay improved efficiency, reduced vulnerabilities, and achieved a 98% ransomware protection score. This collaboration highlights how microsegmentation can secure even the most complex systems while maintaining seamless operations.

The Digital Operational Resilience Act (DORA) aims to enhance the cybersecurity and operational resilience of financial entities operating within the European Union (EU) by focusing on five core pillars: ICT risk management, ICT incident reporting, digital operational resilience testing, third-party risk management, and information sharing.

As a leader in cloud security, Zscaler is uniquely positioned to help customers enhance resilience, manage risks, and ensure operational continuity in accordance with the core pillars set forth in DORA. This white paper dives into how Zscaler’s zero trust platform empowers organizations to align with DORA’s requirements through secure and scalable zero trust architecture principles. You’ll learn about:

• The impact DORA may have on financial entities and ICT providers operating within the EU
• How Zscaler can help organizations align with the five (5) core pillars of DORA

Email registration required to access content.

The Cybersecurity and Infrastructure Security Agency (CISA) and the U.S. Department of Agriculture (USDA) released Phishing-Resistant Multi-Factor Authentication (MFA) Success Story: USDA’s FIDO Implementation. This report details how USDA successfully implemented phishing-resistant authentication for its personnel in situations where USDA could not rely exclusively on personal identity verification (PIV) cards.

USDA turned to Fast IDentity Online (FIDO) capabilities, a set of authentication protocols that uses cryptographic keys on user devices, to offer a secure way to authenticate user identities without passwords. USDA’s adoption of FIDO highlights the importance of organizations moving away from password authentication and adopting more secure MFA technologies.

This report offers examples to help organizations strengthen their cybersecurity posture through use cases, recommended actions, and resources. USDA successfully implemented MFA by adopting a centralized model, making incremental improvements, and addressing specific use cases. Organizations facing challenges with phishing-resistant authentication are encouraged to review this report.

For more information about phishing-resistant MFA, visit Phishing-Resistant MFA is Key to Peace of Mind and Implementing Phishing-Resistant MFA on the CISA website.

Release date: 11/06/2024
Training
Neutral
Cloud Security Alliance

This paper investigates the convergence of asymmetric cryptography and Zero Trust Architecture (ZTA), exploring how asymmetric encryption can fulfill the core objectives of Zero Trust (ZT) security. The ZT security strategy is designed to combat contemporary cyber threats by assuming no implicit trust. Asymmetric cryptography, known for contributing to secure communications, authenticating users, and verifying data authenticity, supports realizing ZT principles. The paper's exploration of asymmetric cryptography in ZT scenarios focuses on two applications: authentication and data protection. For authentication, asymmetric cryptography is integral to Public-Key Infrastructure (PKI), which uses digital signatures to authenticate users and devices. For data protection, especially for data in transit, asymmetric cryptography is integral to the key exchange that establishes the symmetric key used for data encryption.

Release date: 11/05/2024
Guidance
Neutral
Cloud Security Alliance

Guidance from the cross-functional US Zero Trust (ZT) Data Security Working Group.

The cyber risk landscape is continuously evolving and our adversaries are evolving along with it. The United States is facing unprecedented threats as malicious actors advance their tactics and unlock new ways to attack our systems, including using emerging technologies, such as artificial intelligence (AI), to launch increasingly sophisticated cyber campaigns.

To counter these threats, agencies are making US Federal systems more defensible by employing ZT principles — which means trust is never implicitly granted and must be continually validated.

ZT moves away from the traditional approach of protecting the network perimeter — a “castle and moat” model as seen in Figure 1 — to instead assume that a network may be compromised at any time, anywhere, and by anyone. Through the ZT lens, we focus on securing the data itself, rather than the perimeter protecting it. This concept is known as “ZT data security.”

Release date: 10/30/2024
Guidance
Neutral
US CIO Council

This document delves into the critical and nuanced application of Zero Trust (ZT) principles within Operational Technology (OT) and Industrial Control Systems (ICS). It aims to bridge the gap between traditional information technology (IT) security methodologies and the unique demands of OT/ICS in Critical Infrastructure (CI) sectors. Recognizing the distinct challenges and architectures inherent in these environments, the paper not only clarifies the foundational concepts of ZT but also provides a tailored roadmap for implementing these principles effectively in OT/ICS settings. This roadmap employs a systematic approach, from defining Protect Surfaces to continuous monitoring and maintenance, based on the five-step process outlined in the NSTAC Report to the President on Zero Trust and Trusted Identity Management, ensuring resilience and security in CI amidst a rapidly evolving digital technology and threat landscape.

In most nations, the health of public services relies on secure and resilient Critical Infrastructure. We call these infrastructures "critical" because their destruction would have a drastic impact on the welfare of a nation. This publication promotes the implementation of Zero Trust principles for securing Critical Infrastructure. As an extensible and holistic enterprise security strategy, Zero Trust is the key for ensuring Critical Infrastructure protection.

More specifically, this document delves into the nuanced application of Zero Trust for Operational Technology and Industrial Control Systems security strategies. First, it clarifies the foundational concepts of Zero Trust. Then, it provides a tailored roadmap for implementing these principles into Operational Technology and Industrial Control Systems settings. This roadmap employs a systematic five-step approach based on the NSTAC Report to the President on Zero Trust.

By leveraging this guidance, organizations will find a clear forward-looking path for continuous improvement of their security postures.

Key Takeaways:
  • Unique security risks and threat vectors for Critical Infrastructure
  • How Operational Technology converges with digital transformation
  • Differences in objectives and architecture of Operational Technology vs traditional Information Technology
  • Review of the five-step implementation process for Zero Trust
  • How to apply the five-step process to Industrial Control Systems and Operational Technology security
  • How vendors are building Zero Trust capabilities into new technology

Release date: 10/28/2024
Guidance
Neutral
English
Cloud Security Alliance

Zero Trust (ZT) is a strategic mindset that is highly useful for organizations to adopt as part of digital transformation and other efforts to increase the security and resilience of their organizations. Zero Trust is easily misunderstood and over-complicated because of the conflicting messaging within the Security industry, and the lack of established Zero Trust standards. In fact, Zero Trust is based on long-standing principles that have become more critical because of changes in the way we work and live: remote workers, increased reliance on third parties, adoption of the Cloud, and the widespread and accelerated adoption of Artificial Intelligence (AI) like Machine Learning (ML), Natural Language Processing (NLP), and Large Language Models (LLM), to name a few. This document is designed to fill the gaps and provide clarity by mapping out the underlying principles, including established Information Security (InfoSec) principles like the Concept of Least Privilege, Separation of Duties, and Segmentation. These guiding principles will remain consistent across all Zero Trust Pillars, varying use cases, different environments, and products. This guidance will evolve as the industry evolves.

Release date: 09/03/2024
Guidance
Neutral
Cloud Security Alliance

This joint guide will assist organizations in defining a baseline for event logging to mitigate malicious cyber threats. The increased prevalence of malicious actors employing living off the land (LOTL) techniques, such as living off the land binaries and fileless malware, highlights the importance of implementing and maintaining an effective event logging program.

The authors encourage public and private sector senior information technology (IT) decision makers, operational technology (OT) operators, network administrators, network operators, and critical infrastructure organizations to review the best practices in the guide and implement the recommended actions. These Zero Trust-aligned actions can help detect malicious activity, behavioral anomalies, and compromised networks, devices, or accounts.

For more information on LOTL techniques, see the joint guidance Identifying and Mitigating Living Off the Land Techniques and CISA’s Secure by Design Alert Series. For more information and guidance on event logging and threat detection, see CISA’s Secure Cloud Business Applications (SCuBA) products, the network traffic analysis tool Malcolm, and Logging Made Easy.

Release date: 08/21/2024
Guidance
Neutral
English
Australian Signals Directorate's Australian Cyber Security Centre

White paper discussing outcomes of the zero trust model for cybersecurity in the context of operational technology (OT) and industrial control systems (ICS). Zero trust has become a widely accepted cybersecurity strategy, built on the idea that risk is inherent both inside and outside the organization. The zero trust strategy is becoming more relevant in OT, and hybrid approaches can incorporate zero trust principles where appropriate. The new paper from ISAGCA, titled “Zero Trust Outcomes Using ISA/IEC 62443 Standards,” analyzes the use of the ISA/IEC 62443 series of standards for zero trust in OT.

OT security prioritizes safety as the utmost concern. The paper provides guidance on how ISA/IEC 62443 — the world’s leading consensus-based standards for control systems cybersecurity — can support concepts of zero trust. The paper recommends that the zero trust model should not be introduced for essential functions as defined in ISA/IEC 62443. It emphasizes the importance of never overriding or interrupting essential critical functions in zero trust architecture implementations, especially safety functions associated with fault-tolerant systems design.

Release date: 08/14/2024
Guidance
Neutral
ISA Global Cybersecurity Alliance

The security of government and industry information and services is predicated on timely responsiveness to cybersecurity threats. Automation and orchestration can respond to threats much faster than manual methods alone, which may not be fast enough to prevent compromise or damage.

The automation and orchestration pillar is the set of Zero Trust capabilities that automates security actions and reactions based on defined processes and security policies across the enterprise, with a focus on speed and scale. Automation is the use of software to control repetitive tasks, and orchestration is the coordination of IT processes and workflows to ensure proper management of tasks. By implementing and maturing automation and orchestration capabilities, an organization can become much more resilient to ever-increasing and increasingly sophisticated cyber intrusion attempts, even partially successful ones.

Release date: 07/14/2024
Guidance
Neutral
US National Security Agency

US Executive Order (EO) 14028 requires federal agencies to implement zero trust. For the Department of Defense (DoD), zero trust requires designing a consolidated and more secure architecture without impeding operations or compromising security. Zero trust supports the Federal Information Security Modernization Act of 2014 (FISMA), the 2018 DoD Cyber Strategy, the 2019 DoD Digital Modernization Strategy, and the DoD Chief Information Officer’s (CIO) vision. The overlays are designed to accelerate implementation of zero trust within the department to better protect DoD networks.

The DoD Zero Trust Overlays are based on the DoD Zero Trust Reference Architecture and the DoD Zero Trust Capability Execution Roadmap. These documents describe the set of pillars, capabilities, enablers, and supporting activities and outcomes that underpin the Zero Trust Overlays.

Release date: 06/27/2024
Architecture
Neutral
English
US DoD CIO

Guidance from CISA, the FBI and partner organizations in Canada and New Zealand urges business owners of all sizes to move toward more robust security solutions—such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE)—that provide greater visibility of network activity. Additionally, this guidance helps organizations to better understand the vulnerabilities, threats, and practices associated with traditional remote access and VPN deployment, as well as the inherent business risk posed to an organization’s network by remote access misconfiguration.

Release date: 06/18/2024
Guidance
Neutral
English
US DHS/CISA

In the ever-expanding landscape of cybersecurity, threats manifest in various forms and often infiltrate systems discreetly. The constant risk of intrusion underscores the critical importance of swift detection and mitigation.

This cybersecurity information sheet (CSI) centers on the visibility and analytics aspect of the Zero Trust (ZT) model, emphasizing the significance of comprehensively observing data characteristics and events within an enterprise-wide environment. Prioritizing cyber-related data analysis aids in informing policy decisions, facilitating response actions, and constructing a risk profile to proactively fortify security measures.

Visibility and analytics form the cornerstone of any ZT strategy, empowering organizations to harness infrastructure, tools, data, and techniques for proactively mitigating risks and for rapid identification, detection, and response to emerging cyber threats. Evolving from traditional signature-based approaches, detection (visibility and analytics) and response capabilities are increasingly adopting behavior-based methodologies to combat the sophistication of modern cyber threats. This pillar highlights the benefits of continuous monitoring and provides insights essential for identifying and mitigating potential security risks to assure that only authorized users and devices access sensitive resources.

This CSI offers recommendations for advancing visibility and analytics within the ZT framework. It explains how these capabilities seamlessly integrate into a comprehensive ZT framework as detailed in the NSA publication, Embracing a Zero Trust Security Model. [1] National Security System (NSS), Department of Defense (DoD), and Defense Industrial Base (DIB) stakeholders can leverage this guidance in conjunction with complementary resources to enhance visibility and analytics through the implementation of outlined capabilities.

Release date: 06/01/2024
Guidance
Neutral
US National Security Agency

Adopting a ZT framework bolsters the protection of critical applications and workloads with a decisive shift from a network-centric to a data-centric security model (DSM) and granular implementation of attribute-based access control (ABAC) for every data access. A modernized ZT framework integrates visibility from multiple vantage points, makes risk-aware access decisions, and automates detection and response. The application and workload pillar disrupts the efforts of malicious actors by bringing granular access control and visibility to applications and workloads in the environment.

Release date: 05/24/2024
Guidance
Neutral
US National Security Agency

The US National Cyber Director provided this report to the President and Congress as required by law. This report assesses the cybersecurity posture of the United States, the effectiveness of national cyber policy and strategy, and the status of the implementation of national cyber policy and strategy.

The report reveals significant strides in the Federal Government's cybersecurity efforts, particularly through implementing Zero Trust Architecture (ZTA) as required by 2021 Executive Order 14028 for Improving the Nation’s Cybersecurity.

Release date: 05/07/2024
Guidance
Neutral
English
US President

This cybersecurity information sheet (CSI) provides recommendations for maturing data security and enforcing access to data at rest and in transit, ensuring that only those with authorization can access the data. It further discusses how these capabilities integrate into a comprehensive Zero Trust (ZT) framework.

Recent events highlight that adversaries who are successful at gaining a foothold in information systems often readily gain unfettered access to all data in those systems. By applying the recommendations in the data pillar, including identifying risks to data, integrating granular data attributes into access control mechanisms, and monitoring data access and use, organizations will reduce the impact and consequences of breaches and identify suspect activity earlier in the cyber intrusion lifecycle.

Release date: 04/08/2024
Guidance
Neutral
English
US National Security Agency

Enterprise adoption of Zero Trust is broad and growing. How is a mature Zero Trust program achieved? The NSTAC Report to the President on Zero Trust and Trusted Identity Management outlines a five-step implementation process.

This publication by the CSA Zero Trust Working Group provides guidance on iteratively executing the first step of the Zero Trust implementation process, “Defining the Protect Surface.” Defining the protect surface entails identifying, categorizing, and assessing an organization's data, applications, assets, and services (DAAS); business risk; and current security maturity. In this document, readers will find valuable guidance that starts their Zero Trust security journey on the right path.

Release date: 03/07/2024
Guidance
Neutral
English
Cloud Security Alliance

The US NSA has published a Cybersecurity Information Sheet (CSI) that details curtailing adversarial lateral movement within an organization’s network to access sensitive data and critical systems. The CSI, entitled “Advancing Zero Trust Maturity Throughout the Network and Environment Pillar,” provides guidance on how to strengthen internal network control and contain network intrusions to a segmented portion of the network using Zero Trust principles.

The network and environment pillar, one of seven pillars that make up the Zero Trust framework, isolates critical resources from unauthorized access by defining network access, controlling network and data flows, segmenting applications and workloads, and using end-to-end encryption. The CSI outlines the key capabilities of the network and environment pillar, including data flow mapping, macro and micro segmentation, and software defined networking.

Release date: 03/07/2024
Guidance
Neutral
English
US National Security Agency

This joint NSA & CISA cybersecurity information sheet (CSI) makes recommendations for implementing Zero Trust (ZT) security principles in a cloud environment, which can differ from on-premises (on-prem) networks. While on-prem networks require specialized appliances to enable ZT, cloud technologies natively provide the necessary infrastructure and services for implementing these recommendations to varying degrees. This CSI focuses on best practices using features commonly available in cloud environments.

Release date: 03/07/2024
Guidance
Neutral
English
US National Security Agency

The US Department of Homeland Security (DHS) has been implementing zero trust mandates for years. DHS leadership established a Zero Trust Action Group, and later a Zero Trust Integrated Product Team, incorporating technical leadership from across the Department—and together, these teams have made impressive progress.

This strategy establishes a shared vision that better protects resources, stabilizes cybersecurity budgets, and accelerates mission outcomes—all at the same time. This strategy will also allow the Department to pursue a shared zero trust vision while addressing shared challenges, including resource scarcity, legacy technology, and a nascent shared services environment.

Release date: 03/04/2024
Guidance
Neutral
English
US DHS/CISA

This joint guidance for network defenders focuses on how to mitigate gaps and to detect and hunt for LOTL activity. The information in this guide is derived from a previously published joint advisory; incident response engagements undertaken by several of the authoring agencies; red team assessments by several of the authoring agencies using LOTL for undetected, persistent access; and collaborative efforts with industry.

The authoring agencies have observed cyber threat actors, including the People’s Republic of China (PRC) and Russian Federation state-sponsored actors, leveraging LOTL techniques to compromise and maintain persistent access to critical infrastructure organizations. The authoring agencies are releasing this joint guide for network defenders (including threat hunters) as the malicious use of LOTL techniques is increasingly emerging in the broader cyber threat environment.

Cyber threat actors leveraging LOTL abuse native tools and processes on systems. They use LOTL in multiple IT environments, including on-premises, cloud, hybrid, Windows, Linux, and macOS environments. LOTL enables cyber threat actors to conduct their operations discreetly as they can camouflage activity with typical system and network behavior, potentially circumventing basic endpoint security capabilities. This is where a Zero Trust strategy can help.

Release date: 02/08/2024
Guidance
Neutral
English
Australian Signals Directorate's Australian Cyber Security Centre

The Zero Trust playbook series guides you with specific role-by-role actionable information for planning, executing, and operating Zero Trust from the boardroom to technical reality. It provides simple, clear, and actionable guidance that fully answers your questions on Zero Trust using current threats, real-world implementation experiences, and open global standards. This first book in the series helps you understand what Zero Trust is, why it’s important for you, and what success looks like.

The Zero Trust model is quickly rising as the favored strategy to protect important assets. CSA’s Virtual Zero Trust Summit delivers the knowledge needed to understand the core concepts of Zero Trust. Featuring prominent industry leaders such as John Kindervag, the founder of the Zero Trust philosophy, the Summit provides critical insights, tools, and best practices to develop and implement a Zero Trust strategy. With Zero Trust established as the future of information security, taking a Zero Trust based approach will inevitably become a requirement for organizations and a required skill for professionals. View the summit recordings to expand your Zero Trust knowledge and gain the skills you need to implement the robust security measures required. Click the link to access the session recordings.

Release date: 12/01/2023
Recordings
Neutral
English
Cloud Security Alliance