The NSA published another Cybersecurity Information Sheet (CSI) today, its final zero-trust report, focusing on the Automation and Orchestration pillar of the Zero Trust (ZT) framework. The CSI is intended to help organizations better detect cyber threats and respond to common threats faster. It provides recommendations for automating routine tasks to better focus resources on investigating anomalies associated with advanced tactics, techniques, and procedures.
The Automation and Orchestration pillar is composed of the following key capabilities. Members are encouraged to review the information sheet, which discusses each of the capabilities below in depth.
- Policy orchestration using policy decision points
- Critical process automation
- Artificial intelligence
- Machine learning
- Security orchestration, automation, and response (SOAR)
- Data exchange standardization
- Security operations coordination and incident response
The capabilities described in this CSI are intended to continually mature cybersecurity protections, responses, and operations over time. Progression of capabilities in each of the ZT framework’s seven pillars should be seen as a cycle of continuous improvement based on evaluation and monitoring of threats. The Automation and Orchestration pillar is the sixth pillar in the seven-pillar ZT framework, which includes:
- User
- Device
- Application & Workload
- Data
- Network and Environment
- Automation and Orchestration
- Visibility and Analytics
Zero Trust principles operate under the assumption that threats already exist within network boundaries. This mindset allows personnel and organizations to attentively identify, protect against, and respond to cyber intrusions. WaterISAC encourages members to review this CSI and to apply Zero Trust principles in their environments as needed. For more information and to access the full CSI, visit NSA.gov.