Advancing Zero Trust Maturity Throughout the Automation and Orchestration Pillar

Executive summary

The security of government and industry information and services is predicated on
timely responsiveness to cybersecurity threats. Automation and orchestration can
respond to threats much faster than manual methods alone, which may not be fast
enough to prevent compromise or damage.

The automation and orchestration pillar is the set of Zero Trust capabilities that
automates security actions and reactions based on defined processes and security
policies across the enterprise, with a focus on speed and scale. Automation is the use
of software to control repetitive tasks, and orchestration is the coordination of IT
processes and workflows to ensure proper management of tasks. By implementing and
maturing automation and orchestration capabilities, an organization can become much
more resilient to ever-increasing and increasingly sophisticated cyber intrusion attempts,
even partially successful ones.

This pillar emphasizes dynamic security responses across the enterprise using policy
orchestration to enforce policy decisions; critical process automation to improve
efficiency; artificial intelligence / machine learning where applicable to further improve
automation; security orchestration, automation, and response (SOAR) to weave
together response actions; data exchange standardization to enable interoperability
among capabilities; and security operations and incident response coordination, plans,
and abilities. This cybersecurity information sheet (CSI) describes these automation and
orchestration pillar capabilities and recommendations for reaching increasing maturity
levels.