What is the Manage Trust in People Granted Access (TRUST) security capability?
The TRUST security capability reduces the risk of a loss in data availability, integrity, and confidentiality. It ensures only properly vetted users are given access to systems and credentials (e.g., user, system, and elevated credentials). It also ensures that trust levels are properly monitored and renewed as specified in agency policy.
What security results should we be able to achieve by implementing TRUST?
The TRUST security capability helps ensure every user meets the required trust level of assigned attributes, is periodically rescreened to revalidate trustworthiness, and is not assigned to incompatible attributes that violate an agency’s policies.
What type of security issues are addressed by the TRUST security capability?
The TRUST security capability gives agencies visibility into risks associated with user vetting. Many agencies have screening and/or indoctrination processes they use before granting access to sensitive material. These processes help agencies determine clearances, credentialing, suitability, and fitness, and establish a baseline level of trust for each user. This trust can determine suitability for specific access. The level of trust required for a user to gain access to sensitive data often increases with the sensitivity of the data.
Once a user is successfully vetted and authorized for a certain trust level, key data (or trust level authorization attributes) need to be added as data elements to systems and processes that monitor and enforce access. Agency policy determines additional trust requirements, including review or renewal of trust frequency, incompatible user roles, grace periods, and who is authorized to accept risks associated with trust.
The TRUST security capability will help ensure every user meets the required trust level of any role they are assigned, is periodically rescreened to revalidate trustworthiness, and is not assigned to incompatible roles that violate an agency’s policies.
What can I do to reduce my exposure to inappropriate access by untrustworthy persons?
To implement TRUST security capabilities, agencies need to establish official trust policies (which will serve as the desired state). These policies include the screening processes for personnel, how long a given trust level is valid before it expires and formal re-vetting is required, and what the re-vetting and re-indoctrination policies/processes are for each trust level. This formal re-vetting revalidates a user’s trust level, accounting for potential deterioration of trust over time due to negative factors in a person’s life that could potentially erode trustworthiness.
How does the TRUST security capability define a trust level?
A trust level is a specified degree of trust (i.e., amount of access) granted to a user. Examples include National Security System (NSS) classifications (i.e., none, Confidential, Secret, or Top Secret), non-disclosure agreements, and “read-ons” for access to sensitive data.
How does the TRUST security capability support ongoing automated assessments as defined by National Institute of Standards and Technology (NIST) Special Publication (SP) 800-137, Information Security Continuous Monitoring (ISCM) for Federal Information Systems and Organizations?
The TRUST security capability defines the desired state in key areas that support automating ongoing assessments. For example, the TRUST security capability verifies that users completed suitability checks, have appropriate clearance, and have received an adjudication for Entry on Duty (EOD). This helps fulfill the Personnel Screening (PS) family of controls in NIST SP 800-53, Revision 4, Security and Privacy Controls for Federal Information Systems and Organizations.
What data should we collect to better prepare to implement the TRUST security capability?
Agencies should collect data associated with the level of trust granted to a user, including the level of trust required for a role, the roles to which a user is assigned or authorized, and other locally defined policy for roles and TRUST levels. This will provide measurable data for automated security checks. These security checks will provide the basis for automating the monitoring, reporting, and prioritization of trust deficiencies in an agency’s cyber environment. Continuous Diagnostics and Mitigation (CDM) will display deficiencies for review and action.
How can I assign managers for the TRUST security capability?
Organizations should collaborate with their designated CDM program point of contact (POC); Identity, Credential, and Access Management (ICAM) program management office; and personnel security office (PSO) to identify proper managers for the TRUST security capability.
How can we prevent improperly vetted users from getting on the network in the first place?
An agency can take the following actions to reduce the number of personnel who do not meet the TRUST desired state specifications for their role and duties:
- Ensure a user’s trust level is periodically revalidated,
- Perform proper screening/indoctrination of personnel to determine trustworthiness before assigning them to a role, and
- Continuously improve trust management processes to increase overall efficiency.
How does the TRUST security capability support other CDM security capabilities?
The TRUST security capability supports other CDM security capabilities by providing actual state and desired state conditions related to trust management within an agency. CDM can compare these conditions to determine risk areas that agencies need to address.
What is the Master User Record (MUR)?
Each CDM Phase 2 security capability requires data on user attributes (e.g., a user’s roles, security privileges, accounts) to enforce policy and identify defects regarding who is on the network. The MUR serves as a repository for user-related data collected from CDM tools and sensors, and contains a set of attributes or assertions about each user. The MUR stores information for each user that requests access to information, information systems, and facilities. It consolidates a user’s comprehensive set of job functions and system roles and their associated accesses and privileges in one place.