Zero-Clear Tier 2 (of 3)
Moderate impact on an organization implementing at this level, but potentially a perfect balance: a VERY good security posture without seemingly disconnecting from the Internet and/or causing a complete rewrite of the way you do business. Solutions are geared towards being implemented in reasonable order, often within a weeks-to-months timeline, by an implementation team with a skillset similar to MCSE, CCDP, or similar. This team will often include seasoned, battle-hardened engineers with application, systems, network, and security training and experience. These are not coders, but engineers. There is no custom coding involved at this level.
Technical Vectors to consider:
- All of Tier 3 and additionally…
- Adopt a privacy-centric OS for your mobile devices, such as CalyxOS (calyxos.org).
- Adopt a privacy-centric OS for your workstations, such as Zorin OS (zorin.com) or any other Linux distribution that focuses on privacy.
Operational (Human-Based Procedures) Vectors to consider:
- Configure all devices outside of your physical demarcation to use a VPN or another obfuscation method. Disable split tunneling.
- Use token-based MFA rather than weaker methods such as SMS or TOTP. Yubi currently does a better job than most others.
Management (Organizational Policy) Vectors to consider:
- Implement the requirements within NIST SP 800-172.