First published: 10 Feb 2025
Last updated: 10 Feb 2025

Content written for

Large organisations & infrastructure
Government

What is modern defensible architecture?

Modern defensible architecture is the first step in the push by the Australian Signals Directorate’s (ASD) Australian Cyber Security Centre (ACSC) to ensure that organisations consider and apply secure architecture and design in their cyber security and resilience planning. It is an approach that assists organisations in applying consistent, foundational goals to build, maintain, update and enhance their systems.

Modern defensible architecture aims to assist organisations to prepare and plan for the adoption of technologies based on:

  1. Zero trust principles of "never trust, always verify", "assume breach" and "verify explicitly", implemented through zero trust architecture; and
  2. Secure-by-Design practices to institute a security mindset within organisations when it comes to procuring or developing software products and services.

What is zero trust?

Zero trust is a cyber security approach that removes the concept of inherent trust from resources and users inside a network perimeter and ensures that every request is verified before access is granted. Access policies use contextual information based on real-time and accurate data about the requestor, environment and resources, assuming the network is hostile until proven otherwise.

Zero trust architecture combines security concepts and capabilities designed and built into an architectural approach that implements zero trust principles.

What are the Foundations for modern defensible architecture?

ASD’s ACSC’s Foundations for modern defensible architecture (the Foundations) provide a baseline of secure design and architecture activities that will best prepare organisations to adapt to current and emerging cyber threats and challenges. The Foundations have been developed to assist organisations to prepare and plan for the adoption of technologies based on zero trust principles and architecture and secure-by-design practices.

The Foundations provide an additional layer of architectural advice that supports cyber security outcomes complementary to ASD’s Essential Eight and Information Security Manual (ISM).

Feedback

The Foundations have been released for consultation, to allow organisations across the private and public sectors to provide feedback and contribute to the Foundations to ensure they are clear, relevant and useful.

We value your opinion and would like to hear from you on:

  • suggested improvements to the draft Foundations
  • further advice and guidance you would like to see developed via our future work program, and
  • any case studies, experiences or lessons learned you wish to discuss or provide to inform our future work.

ASD’s ACSC will be hosting a series of consultative roundtable discussions in February and March 2025 to consult on the Foundations. These events will introduce the concept of modern defensible architecture, including how it relates to zero trust and secure-by-design, and will provide you and your organisation with a unique opportunity to help shape the future of these fundamental concepts to enhance cyber security and resilience.

To express your interest in attending these roundtables by Friday, 21 February, or to provide written feedback or questions, please email us at acsc.sda@asd.gov.au.

The Foundations are being released in parallel with the Department of Home Affairs’ (Home Affairs) consultation paper Guiding Principles to Embed a Zero Trust Culture, which seeks comment on policy principles to inform government adoption of zero trust principles and technologies. We encourage government service providers and organisations to consider the Home Affairs consultation paper.
