We introduced the five pillars of CISA's Zero Trust Maturity Model. Here we take a deeper dive into the first two, and arguably the most foundational, of those pillars: Identity and Devices.
Mastering these pillars is non-negotiable for any organization serious about building a resilient Zero Trust Architecture. They represent the core entities—users and their endpoints—that interact with your valuable data and applications.
The Bedrock: Identity and Devices in CISA's ZTMM
CISA's Zero Trust Maturity Model (ZTMM) emphasizes that authenticating users and securing devices are paramount. Let's explore each in detail.
Pillar 1: Identity
- Core Concept: The Identity pillar is centered on ensuring that every entity attempting to access resources—be it a human user, a service account, or an automated script—is precisely who or what it claims to be. This verification must be robust, consistent, and continuously re-evaluated.
- Key Goals (ZTMM):
  - Strong Authentication: Implementing phishing-resistant Multi-Factor Authentication (MFA) universally.
  - Centralized Identity Management: Consolidating identity systems for better control and visibility.
  - Dynamic Authorization: Granting access based on real-time risk assessments of the identity.
- Essential Capabilities:
  - Universal MFA adoption (e.g., FIDO2, or PIV/CAC for federal agencies).
  - Automated identity lifecycle management (provisioning, de-provisioning, access reviews).
  - Integration with threat intelligence to detect compromised credentials.
  - Clear distinction and management of Person Entities and Non-Person Entities (NPEs).
- Why it's Foundational: Stolen or compromised credentials remain a leading cause of data breaches. A strong Identity pillar acts as the primary gatekeeper, significantly reducing the risk of unauthorized access.
- Common Challenges: Resistance to MFA, managing identities across hybrid and multi-cloud environments, securing NPEs, and ensuring a smooth user experience.
Pillar 2: Devices
- Core Concept: The Devices pillar focuses on ensuring that any device attempting to connect to enterprise resources is known, its security posture is assessed, and it is authorized before access is granted. This applies to all devices, from laptops and servers to mobile phones and IoT equipment.
- Key Goals (ZTMM):
  - Comprehensive Device Inventory: Knowing every device that could potentially access resources.
  - Continuous Device Posture Assessment: Regularly checking devices for compliance, vulnerabilities, and signs of compromise.
  - Device-Based Access Controls: Using device health as a factor in access decisions.
- Essential Capabilities:
  - Endpoint Detection and Response (EDR) and/or Mobile Device Management (MDM)/Unified Endpoint Management (UEM) solutions.
  - Automated patching and configuration management.
  - Device compliance checks (e.g., OS version, security software status).
  - Network Access Control (NAC) to isolate or restrict non-compliant devices.
- Why it's Foundational: A compromised or poorly secured device can undermine even the strongest identity controls, providing an attacker with a foothold into the network.
- Common Challenges: The explosion of Bring Your Own Device (BYOD) and IoT devices, maintaining an accurate inventory, ensuring consistent security across diverse operating systems, and dealing with unmanaged or legacy devices.
Identity + Devices: A Powerful Duo
The true strength of Zero Trust comes from the interplay between these pillars. A verified user (Identity) on a compromised device (Devices) should still be denied access to sensitive resources. Conversely, a secure device attempting access with suspicious credentials should trigger alerts. This dynamic, context-aware approach is central to ZTA.
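To make the interplay concrete, here is a small context-aware policy evaluator added as an illustration for this post. It is example code written for the edit, not CISA guidance and not TRaViS code. The signal names (`mfa_method`, `edr_healthy`, `patch_age_days`, and so on), the 30-day patch threshold, the sensitivity tiers and the sample requests are all constructed assumptions; a real deployment would source these signals from its identity provider, EDR/MDM platform and threat-intelligence feeds. The evaluator denies a verified user on an unhealthy device, denies and alerts on suspicious credentials from a healthy device, and steps up authentication when a human identity lacks phishing-resistant MFA for a high-sensitivity resource.

```python
"""Context-aware access decision combining the Identity and Device pillars.

Added illustration only (not CISA's or TRaViS's code). Every field name,
threshold and sample request below is a constructed assumption.
"""
from dataclasses import dataclass, field
from enum import Enum
from typing import List, Optional


class Decision(Enum):
    ALLOW = "allow"
    STEP_UP = "step_up"   # require phishing-resistant re-authentication
    DENY = "deny"


# Assumed labels for MFA methods treated as phishing-resistant.
PHISHING_RESISTANT = {"fido2", "piv", "cac"}
MAX_PATCH_AGE_DAYS = 30   # constructed compliance threshold


@dataclass
class Identity:
    subject: str
    is_npe: bool                  # Non-Person Entity (service account, script)
    mfa_method: Optional[str]     # e.g. "fido2", "totp", or None
    credential_compromised: bool  # from a leaked-credential / threat-intel feed
    anomalous_signin: bool        # e.g. impossible travel flagged by the IdP


@dataclass
class Device:
    device_id: str
    in_inventory: bool
    edr_healthy: bool
    patch_age_days: int
    os_compliant: bool


@dataclass
class Verdict:
    decision: Decision
    reasons: List[str] = field(default_factory=list)
    alert: bool = False           # True when SOC should be notified


def evaluate(identity: Identity, device: Device, sensitivity: str) -> Verdict:
    """Decide access for a resource whose sensitivity is "low" or "high".

    Constructed rules:
    * Unknown or EDR-unhealthy devices are denied regardless of identity.
    * Compromised or anomalous credentials are denied and alerted on,
      even when the device is healthy.
    * High-sensitivity resources need a compliant device and, for humans,
      phishing-resistant MFA; otherwise the request is stepped up or denied.
    """
    reasons: List[str] = []

    # Device pillar: hard gates first, then a compliance score.
    if not device.in_inventory:
        return Verdict(Decision.DENY, ["device not in inventory"], alert=True)
    if not device.edr_healthy:
        return Verdict(Decision.DENY, ["EDR agent unhealthy or missing"], alert=True)
    device_compliant = device.os_compliant and device.patch_age_days <= MAX_PATCH_AGE_DAYS
    if not device_compliant:
        reasons.append("device out of compliance (OS version or patch age)")

    # Identity pillar: credential and behaviour gates.
    if identity.credential_compromised or identity.anomalous_signin:
        reasons.append("credential compromised or anomalous sign-in")
        return Verdict(Decision.DENY, reasons, alert=True)
    strong_mfa = identity.mfa_method in PHISHING_RESISTANT
    human_weak_mfa = (not identity.is_npe) and not strong_mfa
    if human_weak_mfa:
        reasons.append("human identity lacks phishing-resistant MFA")

    # Combine: the resource's sensitivity decides how strict the policy is.
    if sensitivity == "high":
        if not device_compliant:
            return Verdict(Decision.DENY, reasons)
        if human_weak_mfa:
            return Verdict(Decision.STEP_UP, reasons)
        return Verdict(Decision.ALLOW, ["all checks passed"])
    # Low sensitivity: tolerate weaker MFA, but a non-compliant device still steps up.
    if not device_compliant:
        return Verdict(Decision.STEP_UP, reasons)
    return Verdict(Decision.ALLOW, ["all checks passed"])


def demo():
    """Run the constructed sample requests and return decisions by scenario."""
    alice = Identity("alice", False, "fido2", False, False)
    bob_totp = Identity("bob", False, "totp", False, False)
    leaked = Identity("carol", False, "fido2", True, False)
    svc = Identity("svc-backup", True, None, False, False)
    healthy = Device("lap-01", True, True, 3, True)
    infected = Device("lap-02", True, False, 3, True)
    stale = Device("lap-03", True, True, 45, True)
    return {
        "verified user, compromised device": evaluate(alice, infected, "high"),
        "healthy device, compromised credential": evaluate(leaked, healthy, "high"),
        "weak MFA, high sensitivity": evaluate(bob_totp, healthy, "high"),
        "strong MFA, healthy device": evaluate(alice, healthy, "high"),
        "service account, healthy device": evaluate(svc, healthy, "high"),
        "stale patches, low sensitivity": evaluate(alice, stale, "low"),
    }


if __name__ == "__main__":
    for scenario, verdict in demo().items():
        print(f"{scenario}: {verdict.decision.value} (alert={verdict.alert}) {verdict.reasons}")
```

The order of the gates is the design point: device posture is checked before identity strength so that a fully verified user never earns access from an unknown or unhealthy endpoint, and the alert flag is set only on signals that indicate compromise rather than mere non-compliance, which keeps the SOC queue focused on the cases the text describes.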
How TRaViS Supports Your Identity and Device Security
While TRaViS EASM primarily focuses on your external attack surface, it provides critical visibility that supports the Devices pillar. By continuously discovering and inventorying your internet-facing assets (which are, by definition, devices or hosts for applications/workloads), TRaViS helps you:
- Enhance your device inventory: Identifying assets you might not have been aware of.
- Assess device posture: By highlighting vulnerabilities and misconfigurations on these external assets.
- Inform risk-based decisions: The state of your external devices can feed into broader risk assessments that influence identity and access policies.
Join the Conversation & Learn More!
Understanding and implementing robust Identity and Device security measures are critical first steps on your Zero Trust journey. We encourage you to consider:
- How mature are your organization's Identity and Device security practices according to CISA's model?
- What are the biggest hurdles your organization faces in strengthening Identity and Device security for ZTA?
Discover the external assets you need to secure.