<img src="https://ws.zoominfo.com/pixel/6169bf9791429100154fc0a2" width="1" height="1" style="display: none;">
Curious about how StrongDM works? 🤔 Learn more here!
Search
Close icon
Search bar icon

NSA Zero Trust Maturity Guidance Explained (TL;DR Version)

StrongDM is pleased to see that, in April 2024, the National Security Agency of the United States, has released a Cybersecurity Information (CSI) sheet that recommends why and how organizations, public and private, should adopt the Zero Trust (ZT) security model for their data tier of infrastructure. At the core of the recommendations, an organization needs to know what data it possesses, how that data is being accessed, and how to control access to that data. 

While the paper emphasizes the security at the data tier, the tacit recommendations made in the paper indicate that the NSA advocates for a Zero Trust approach across the entirety of enterprise environments. The paper was widely read here at StrongDM, and we were happy to see this level of commitment to Zero Trust coming from such an important organization. While not putting words into the mouths of its authors, it is clear they see the need for comprehensive, complete, and continuous Zero Trust principles to be applied for all enterprise security elements.  

Spoiler alert: Security risk is not limited to data

While the threats to web applications and the databases that serve those applications are different, there is a direct connection between the two. In fact, the OWASP Top 10 list puts Broken Access Control as the number one critical security risk to web applications. 94% of applications were tested and had an incidence rate of 3.81%. This resulted from things like over-privileged users, roles, and capabilities; bypassing access control checks; and elevation of privilege where none should exist.

It is clear that data access is fertile ground for attacks, but how can you separate data access from any other type of access? And for that matter, can you effectively address security vulnerabilities if you only look at access and not the resulting actions that occur ex post facto?

Without naming names, the NSA paper corroborates what the OWASP Top 10 list shows: in 2017, one of the major credit reporting agencies in the US had a massive data breach that resulted in the theft of sensitive personally identifiable information (PII) of 148 million people. This breach was the result of exploiting a vulnerable Apache Struts web application server, and cascaded into breaching of underlying data tiers via lateral movement and stealing of credentials. So, a breach occurred, of that there is no doubt. But the resulting damage was exponentially greater because of activity that occurred after access was granted.

We want to make clear that these things – access and actions – and where they occur – databases, applications, Kubernetes clusters – are all intertwined in every modern infrastructure. So, we’ll highlight not just the access control recommendations in the NSA document, but also how StrongDM’s real time, Zero Trust continuous authorization platform can help enterprise security, compliance, and operations teams today.

Background

Before digging into the summary of the paper, boiling down what the Zero Trust Security model is, seems appropriate:

Never Trust, Always Verify
Assume Breach

In the Zero Trust model, every connection to every system must be explicitly authenticated and authorized, regardless of the location on the network. The principle of least privilege (PoLP) is key to reducing the attack surface. We also assume that security threats exist both outside and inside of the network, and that those threads have either already breached or will imminently breach your network and resources.

This forces security, and adjacent teams, to implement continuous verification of credentials, security visibility into all of the resources, granular access control permissions to those resources, and strict policy enforcement of those controls.

StrongDM specifically addresses the Zero Trust Security model with our Dynamic Privileged Access Management architecture. We provide our customers with the platform to implement continuous authorization of users needing to access resources with sensitive data in real time.

The Data Pillar and its Capabilities

Before we get into the capabilities of the Data Pillar, we should note all seven of the pillars of ZT, which are outlined in the DoD Zero Trust Reference Architecture:

The Data Pillar is the core of the ZT Reference Architecture for good reason, as the data breach referenced above shows, that’s where every organization’s most valuable assets are stored. 

The NSA paper summarizes the core of the data pillar this way:

Secure data so it is accessed exclusively by authorized users 

This paper focuses on seven core capabilities into a maturity model:

  1. Data catalog risk alignment
  2. Enterprise data governance
  3. Data labeling and tagging
  4. Data monitoring and sensing
  5. Data encryption and rights management
  6. Data loss prevention
  7. Data access control

We won’t be going through every capability, but will highlight the areas where StrongDM has deep alignment within our core product functionality.

StrongDM Applies Zero Trust Continuously

StrongDM’s core product capabilities helps with all maturity levels of the Data access controls capability, with the majority of the controls addressed by core product functionality and StrongDM’s Policy Engine, which implements Policy-Based Access Control (PBAC) with granular access permissions and continuous contextual security evaluation and authorization of a user’s session. 

The following table shows the mappings in the Data Pillar maturity model that relate to StrongDM product functionality and how we help:

Capability Maturity Level Control How StrongDM Helps
Data catalog risk alignment Preparation Data ownership is identified Once owners are identified, roles with users can be created to be used in Dynamic Access Rules to allow access, and Strong Policies can be authored to include those principals to further refine fine-grained permissions.
Intermediate Data usage patterns are established Data usage patterns can be used to build identity actions performed on databases, and include those actions in Strong Policies to refine fine-grained permissions
Advanced Data is known according to risk levels Identifying data that is at higher risk or sensitivity can be used to create strong Policies with triggers such as approval workflows and MFA to require additional security friction
Enterprise data governance Intermediate Organization establishes just-in-time and just-enough data access control policies Access Workflows, along with Dynamic Access Rules, and Strong Policy Engine triggers, enables a strong solution for just-in-time and just-enough access, along with authorization triggers for critical operations
Advanced Rules and access controls are automated through central policy management Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context
Data labeling and tagging maturity Intermediate Machine enforceable data access controls are implemented Access Workflows, along with Dynamic Access Rules, and Strong Policy Engine triggers, enables a strong solution for just-in-time and just-enough access, along with authorization triggers for critical operations
Data access controls Preparation Organizational policy is developed with enterprise-wide central management solutions in mind. Organizational policies can be coded into access policies, and Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context
Ensure appropriate access to, and use of, data based on the data and user/NPE/device properties. Access Workflows, along with Dynamic Access Rules, and Strong Policy Engine triggers, enables a strong solution for just-in-time and just-enough access, along with authorization triggers for critical operations
A software defined storage (SDS) policy and an enterprise Identity Provider (IdP) integration plan are developed. StrongDM integrates with your IdP's identity lifecycle capabilities and onboarding / offboarding via SCIM; Roles are used in conjunction with Access Workflows and Dynamic Access Rules
Basic Policy Based Access Controls (PBAC) are established. PBACs inform data access decisions using attributes determined by policy rules. Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context
Intermediate Attribute Based Access Controls (ABAC) are defined and established, ensuring identity attributes correspond to appropriate data objects. Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context
Roles are defined and implemented ensuring access to data dependent on proper user roles within the organization. StrongDM integrates with your IdP's identity lifecycle capabilities and onboarding / offboarding via SCIM; Roles are used in conjunction with Access Workflows and Dynamic Access Rules
Advanced Individual and policy based access controls are established and automated central management solutions are fully integrated to manage changes from the central controller. Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context
ABAC, RBAC, and PBAC controls are further refined to provide more granular access regulations. Strong Policy Engine enables centralized policy management and enforcement for fine-grained access control with continuous security context

Achieving Zero Trust With Strong Policy Engine

One of the key benefits of the Strong Policy Engine is the use of a powerful and granular policy language that enforces policies in near real-time, based on the Cedar Policy Language.

Strong Policy Engine implements the PARC model, which has four parts:

  • Principal: Users, groups, roles
  • Action: The valid operations defined for resources
  • Resource: The object being operated on, in StrongDM’s case, an infrastructure resource
  • Context: Additional attributes that can be used to evaluate during the policy evaluation

Additionally, Strong Policy Engine can trigger requests for further evaluation and authorization, such as asking for an MFA code, or go through an additional approval workflow, implementing advanced maturity controls in the ZT Data pillar. The diagram below maps policy constructs to the ZT Pillars at a high level:

As stated earlier, StrongDM specifically addresses the Zero Trust Security model with our Dynamic Privileged Access Management architecture and the Strong Policy Engine. 

We call this Zero Trust PAM, and StrongDM is the only access solution that takes this approach (and achieves the outcomes intended from rigorous ZT standards).

🕵 Learn how Better.com uses StrongDM to adopt Zero Trust access.

If you would like to see the only platform to implement continuous authorization of users needing to access resources with sensitive data in real time, schedule a demo today!


About the Author

, Technical Evangelist, has had a long 30+ year career in systems engineering and architecture, but has spent the last 13+ years working on the Cloud, and specifically, Cloud Security. He's currently the Technical Evangelist at StrongDM, taking the message of Zero Trust Privileged Access Management (PAM) to the world. As a practitioner, he architected and created cloud automation, DevOps, and security and compliance solutions at Netflix and Adobe. He worked closely with customers at Evident.io, where he was telling the world about how cloud security should be done at conferences, meetups and customer sessions. Before coming to StrongDM, he lead an innovations and solutions team at Palo Alto Networks, working across many of the company's security products.

StrongDM logo
💙 this post?
Then get all that StrongDM goodness, right in your inbox.

You May Also Like

Zero Trust vs. VPN: Key Differences Explained (Side-by-Side)
Zero Trust vs. VPN: Key Differences Explained (Side-by-Side)
Understanding the core differences between a Zero Trust architecture and a Virtual Private Network (VPN) is an important step in shaping your organization’s cybersecurity strategy. Zero Trust and VPNs offer distinct approaches to security; knowing their functionalities and security philosophies helps you understand when to select one or the other to protect your data effectively—a strategic necessity for robust cybersecurity.
PAM Was Dead. StrongDM Just Brought it Back to Life.
PAM Was Dead. StrongDM Just Brought it Back to Life.
In essence, legacy PAM solutions over-index on access. StrongDM uses the principles of Zero Trust to evaluate and govern every action, no matter how minor - where each command, query, or configuration change is evaluated in real-time against dynamic policies that adapt to the context of the user, the sensitivity of the action, and the prevailing threat landscape.
Top 9 Zero Trust Security Solutions
Top 9 Zero Trust Security Solutions in 2024
Zero trust is a security and authentication model that eliminates the assumption of trust and shifts the focus from a traditional security parameter, like a VPN or firewall, to the individual user. Nearly all (92 percent) cybersecurity professionals agree that it’s the best network security approach that exists. In this article, we’ll evaluate the top nine zero trust solutions and help you decide which is right for your organization.
XZ Utils Backdoor Explained: How to Mitigate Risks
XZ Utils Backdoor Explained: How to Mitigate Risks
Last week, Red Hat issued a warning regarding a potential presence of a malicious backdoor in the widely utilized data compression software library XZ, which may affect instances of Fedora Linux 40 and the Fedora Rawhide developer distribution. CISA, or Cybersecurity & Infrastructure Security Agency, confirmed and issued an alert for the same CVE.
Context-Based Access Controls: Challenges, Importance & More
Context-Based Access Controls: Challenges, Importance & More
Context-based access controls refer to a dynamic and adaptive approach to managing security policies in modern infrastructure. Addressing challenges in enforcing consistent security across diverse platforms, these policies consider factors such as device posture and geo-location to adjust access controls dynamically. By narrowing access based on contextual parameters, they reduce the attack surface, enhance security, and streamline policy administration, ensuring compliance in evolving environments.