• New Zealand’s Government Communications Security Bureau (GCSB); 
• New Zealand’s Computer Emergency Response Team (CERT-NZ); and 
• The Canadian Centre for Cyber Security (CCCS).

The guidance urges business owners of all sizes to move toward more robust security solutions—such as Zero Trust, Secure Service Edge (SSE), and Secure Access Service Edge (SASE)—that provide greater visibility of network activity. Additionally, this guidance helps organizations to better understand the vulnerabilities, threats, and practices associated with traditional remote access and VPN deployment, as well as the inherent business risk posed to an organization’s network by remote access misconfiguration.

CISA and its partners encourage leaders to review the guidance to help with the prioritization and protection of remote computing environments.

For more information and guidance on protection against the most common and impactful tactics, techniques, and procedures for network access security, visit CISA’s Cross-Sector Cybersecurity Performance Goals. For more information on zero trust, visit CISA’s Zero Trust Maturity Model.