The NSA has issued guidance on adopting zero-trust principles to counter internal network threats. Zero-trust architecture prevents unauthorized access and movement within networks by assuming threats exist and enforcing strict access controls. The approach includes data flow mapping, segmentation, and software-defined networking to minimize breach impacts. No CVEs are associated with this guidance.
We are slowly getting there. But the bosses love their stupid labels and certifications.