NIST Brings on New Guidances
With the ongoing proliferation of remote workers, bring-your-own-device work situations and cloud-based assets not located on premises, the NIST has issued a new zero-trust architecture strategies and guidelines.
Zero trust is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets and resources. A zero-trust architecture uses zero trust principles to plan industrial and enterprise infrastructure and workflows.
This architecture focuses on protecting resources like assets, services, workflows, network accounts, etc., instead of network segments. That’s because the network location is no longer seen as the prime component to the security posture of the resource.
NIST also released new draft guidance on selecting security and privacy control baselines for working for the federal government. This new guidance addresses federal information systems and is applicable to information systems used or operated by an agency, a contractor on behalf of an agency, or another organization on behalf of an agency. This draft guidance is a comment period that ends on Sept. 11.
Federal contractors should closely follow these guidelines as the new security and privacy baselines will be applied to any federal information system used or operated by a contractor on behalf of an agency or another organization on behalf of the organization.
You may not notice these new regulations and guidelines as they take effect, so partner with 2W Tech to keep you in compliance. Contact us today to get started with your Cybersecurity Compliance Program and let our IT consultants do the work for you.