Criterion’s approach to a Zero Trust model applies the principle “never trust and always verify access” while ensuring user-access control. It reduces component access to data by leveraging network sensor platforms and network segmentation, constrains lateral network movement by implementing security devices, enhances threat/vulnerability prevention, and implements security protection strategies.
Criterion’s Zero Trust approach assumes that an attacker is ever present within an environment. Therefore, we develop an enterprise reference architecture that is based on drastically reducing the size of implicit trust zones while adding granular access rules and opportunities to enforce these rules. This is achieved by expanding the number of policy decision and enforcement points across key areas of the defense-in-depth model and leveraging both new and existing cyber capabilities to challenge subject and data movement. This approach will more effectively mitigate the risk of successful data breaches and limit internal lateral movement as a result of internal compromise. It is also effective across any type of system boundary, whether it is on-premises, hybrid, or native cloud.
In accordance with NIST SP 800-207, Criterion offers a four-step approach for organizations to get started with Zero Trust.
Decision made to adopt Zero Trust as a core strategy.
Generated based on detailed knowledge of the organization’s assets, subjects, data flows, and workflows.
Plan includes a vision that identifies a target end state, including a best-fit approach per element that reinforces organization-specific mission objectives.
Includes policy updates, governance body spin-up or change in operations, hiring, end-user and system administrator training, procurement, reallocation of resources, etc.
Here are our latest blog posts on Zero Trust–related topics written by Criterion subject matter experts.
On October 28, Criterion’s CIO Bob Heckman will be moderating a panel entitled “Zero Trust Reference Architecture.”
Under EO 14028, all Federal government agencies are specifically required to adopt Zero Trust Architecture (ZTA).