Advancing Zero Trust Maturity Throughout the Device Pillar

Executive summary

Continued cyber incidents have called attention to the immense challenges of ensuring
effective cybersecurity across the federal government, as with many large enterprises,
and demonstrate that “business as usual” approaches are no longer sufficient to defend
the nation from cyber threats. The government can no longer depend only on traditional
strategies and defenses to protect critical systems and data. [1]

A modernized cybersecurity framework—Zero Trust—integrates visibility from multiple
vantage points, makes risk-aware access decisions, and automates detection and
response. Implementing this framework places network defenders in a better position to
secure sensitive data, systems, applications, and services. [2]

This cybersecurity information sheet (CSI) provides recommendations for maturing
devices—the Zero Trust device pillar—to effectively ensure all devices seeking access
earn trust based on device metadata and continual checks to determine if the device
meets the organization’s minimum bar for access. The primary capabilities of the device
pillar are:

• identification, inventory, and authentication
• detection of unknown devices and configuration compliance checks of known ones
• device authorization using real-time inspections
• remote access protections
• hardware updates and software patches
• device management capabilities
• endpoint detection and response for threat detection and mitigation

This CSI further discusses how these capabilities integrate into a comprehensive Zero
Trust (ZT) framework, as described in Embracing a Zero Trust Security Model. [2]
National Security System (NSS), Department of Defense (DoD), and Defense Industrial
Base (DIB) owners and operators should use this and complementary guidance to
understand how to take concrete steps for maturing device security by implementing the
outlined capabilities.