Thursday , July 4 2024
NIST

NSA Releases Guidance on Zero Trust Maturity

infosecbulletin Sunday , May 26 2024 International

The NSA released an information sheet called “Advancing Zero Trust Maturity Throughout the Application and Workload Pillar.” This sheet will help organizations protect their applications from unauthorized users and maintain constant visibility of their workload.

This CSI gives recommendations for achieving different levels of application and workload capabilities under the Zero Trust (ZT) paradigm. It explains how these capabilities fit into a complete ZT framework. ZT implementation aims to improve cybersecurity protections, responses, and operations over time.

Microsoft Uncovers Flaws in Rockwell Automation PanelView Plus

By infosecbulletin / Thursday , July 4 2024
Microsoft's cybersecurity team found two major vulnerabilities in Rockwell Automation's PanelView Plus, a widely used human-machine interface in industrial settings....
Read More
Microsoft Uncovers Flaws in Rockwell Automation PanelView Plus

Researchers detect 28 new Ransomwares in June

By infosecbulletin / Thursday , July 4 2024
Cybersecurity experts found 28 new types of ransomware in June. These malicious programs are a big threat to individuals and...
Read More
Researchers detect 28 new Ransomwares in June

Vote for DHAKA, Vote for ISACA at 6 July

By infosecbulletin / Wednesday , July 3 2024
ISACA Dhaka Chapter election is going to be held on Saturday (6 July) 2024. This year 23 candidates will fight...
Read More
Vote for DHAKA, Vote for ISACA at 6 July

Google to pays $250,000 for KVM zero-day vulnerabilities

By infosecbulletin / Wednesday , July 3 2024
Google launched a new bug bounty program called kvmCTF to enhance the security of its Kernel-based Virtual Machine (KVM) hypervisor....
Read More
Google to pays $250,000 for KVM zero-day vulnerabilities

Brain Cipher Ransomware to Release Decryption Keys free for Indonesia

By infosecbulletin / Tuesday , July 2 2024
The Brain Cipher ransomware group to release the decryption keys for Indonesia Terkoneksi on Wednesday. They said their attack aims...
Read More
Brain Cipher Ransomware to Release Decryption Keys free for Indonesia

0-click Account Takeover via Google Authentication

By infosecbulletin / Tuesday , July 2 2024
"A critical vulnerability has been identified in the Google Authentication mechanism of the application. By manipulating the ID and email...
Read More
0-click Account Takeover via Google Authentication

multiple vulnerabilities found in apache HTTP server

By infosecbulletin / Tuesday , July 2 2024
The Apache Software Foundation has found multiple security issues in the widely used Apache HTTP Server. These vulnerabilities could lead...
Read More
multiple vulnerabilities found in apache HTTP server

Australian four major banks raised alarm on cyber ‘warfare’

By infosecbulletin / Tuesday , July 2 2024
An executive from National Australia Bank reveals that the four major banks in the country face continuous attacks, as threat...
Read More
Australian four major banks raised alarm on cyber ‘warfare’

CVE-2024-20399: Cisco NX-OS Vulnerability Under active Attack

By infosecbulletin / Monday , July 1 2024
There is a security flaw (CVE-2024-20399) in Cisco NX-OS Software that lets an attacker with local access execute commands as...
Read More
CVE-2024-20399: Cisco NX-OS Vulnerability Under active Attack

NCSA to do maximum work with limited manpower: DG Kamruzzaman

By infosecbulletin / Monday , July 1 2024
Despite the limited manpower and various limitations, efforts are being made to keep the country's cyber space safe, said the...
Read More
NCSA to do maximum work with limited manpower: DG Kamruzzaman

“This guidance helps organizations disrupt malicious cyber activity by applying granular access control and visibility to applications and workloads in modern network environments,” said Dave Luber, NSA’s Director of Cybersecurity. “Implementing a Zero Trust framework places cybersecurity practitioners in a better position to secure sensitive data, applications, assets, and services.”

According to the CSI, applications and workloads depend on each other. Applications are computer programs and services that run on premise and cloud environments. Workloads can be standalone solutions or groups of processing components performing functions.

The application and workload pillar in a Zero Trust architecture relies on these capabilities: application inventory, secure software development and integration, software risk management, resource authorization and integration, and continuous monitoring and ongoing authorizations.

NSA is helping DoD customers test Zero Trust systems and create more guidance for integrating Zero Trust principles into enterprise networks.

This guidance expands on NSA’s previously released CSIs on Zero Trust, including the following:

Embracing a Zero Trust Security Model

Advancing Zero Trust Maturity Throughout the User Pillar

Advancing Zero Trust Maturity Throughout the Device Pillar

Advancing Zero Trust Maturity Throughout the Data Pillar

Advancing Zero Trust Maturity Throughout the Network and Environment Pillar. Click here to read the full report.

Check Also

entrust

Google Blocking Entrust Certificates in Chrome in November 2024

Starting November 1, 2024, Google will block websites that use certificates from Entrust. Google made …

Leave a Reply

Your email address will not be published. Required fields are marked *

Mail: [email protected]
© Copyright 2024, All Rights Reserved InfoSecBulletin