CISO Tradecraft

CISO Tradecraft header image 1
March 12, 2021  

CISO Tradecraft: Zero Trust

March 12, 2021

Would you actually like to learn about what Zero Trust is without a bunch of marketing jargon?  On this week's episode G Mark Hardy and Ross Young provide a thoughtful discussion on Zero Trust from NIST and Microsoft:

  • NIST 800-207 Seven Tenets of Zero Trust

    1. All data sources and computing services are considered resources
    2. All communication is secured regardless of network location
    3. Access to individual enterprise resources is granted on a per-session basis
    4. Access to resources is determined by dynamic policy
    5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets
    6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed
    7. The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communication and uses it to improve its security posture