Advancing Zero Trust Maturity Throughout the
Network and Environment Pillar
Executive summary
After gaining access to an organization’s network, one of the most common techniques
malicious cyber actors use is lateral movement through the network, gaining access to
more sensitive data and critical systems. The Zero Trust network and environment pillar
curtails adversarial lateral movement by employing controls and capabilities to logically
and physically segment, isolate, and control access (on-premises and off-premises)
through granular policy restrictions.
The network and environment pillar works in concert with the other Zero Trust pillars as
part of a holistic Zero Trust security model that assumes adversary breaches occur
inside the network, and so limits, verifies, and monitors activities throughout the
network.
The concepts introduced in this cybersecurity information sheet provide guidance on
enhancing existing network security controls to limit the potential impact of a
compromise through data flow mapping, macro and micro segmentation, and software
defined networking. These capabilities enable host isolation, network segmentation,
enforcement of encryption, and enterprise visibility. As organizations mature their
internal network control, they greatly improve their defense-in-depth posture and,
consequently, can better contain, detect, and isolate network intrusions.
