NSA unveils updated guidelines for data security maturity

April 16, 2024


TLDR:

NSA has rolled out new data security maturity guidance in the form of a cybersecurity information sheet (CIS) that outlines recommendations for maturing data security within a Zero Trust Framework. The CIS focuses on data security capabilities and aligns them with zero trust maturity levels.

NSA Rolls Out New Data Security Maturity Guidance

The National Security Agency (NSA) issued a cybersecurity information sheet (CIS) on April 9 detailing recommendations for maturing data security and enforcing access to data in transit and at rest. The CIS, "Advancing Zero Trust Maturity Throughout the Data Pillar," aims to ensure that authorized users can access data by integrating data security capabilities into a comprehensive Zero Trust Framework.

  • The CIS outlines data security capabilities aligned with zero trust maturity levels
  • The seven pillars in the zero trust security model are user, device, network/environment, applications and workload, visibility and analytics, automation and orchestration, and data

Since the release of the "Embracing a Zero Trust Security Model" CIS in February 2021, NSA has provided updates and related products to guide the adoption of a zero trust mindset. The new CIS recognizes the value of the data pillar and its role in mitigating risk, with capabilities such as data catalog risk alignment, enterprise data governance, data monitoring and sensing, data encryption and rights management, data loss prevention, and data access control.

The CIS also highlights the importance of data management within the zero trust framework for limiting data breaches and minimizing damage in case a breach occurs. The DoD zero trust strategy emphasizes constant verification to protect organizational data.

Implementing an effective data management plan within the zero trust framework limits data breaches and provides necessary information on compromised assets to minimize damage.

