PR.IR-01.262

Has your organization implemented a zero trust architecture that restricts network access to each resource based on the principle of least privilege?

Explanation

Zero trust architecture operates on the principle that no user or system should be inherently trusted, requiring continuous verification before granting access to resources. This approach involves microsegmentation of networks, strong identity verification, and just-in-time, just-enough access controls to minimize the attack surface. Implementing zero trust helps prevent lateral movement by attackers if a system is compromised, as each resource has its own access controls regardless of network location. Evidence of implementation could include network architecture diagrams showing segmentation, access control policies documenting least privilege implementations, identity and access management configurations, or reports from zero trust assessment tools that demonstrate how resource access is restricted to only necessary users and systems.

Implementation Example

Implement zero trust architectures to restrict network access to each resource to the minimum necessary.

ID: PR.IR-01.262

Context

Function: PR: PROTECT
Category: PR.IR: Technology Infrastructure Resilience
Sub-Category: Networks and environments are protected from unauthorized logical access and usage
