Trust—v. a firm belief in the reliability, truth, ability or strength of
[your network, your team and your tools.]
Current Level: 2
Last Audit: 2024-09-09

Fairoaks IT | STATUS:

TRUST LEVEL 1 – Advanced Security Controls

Trust Level 1 is focused on preventing lateral movement. Organizations achieve this by eliminating trust. Simply, NOT automatically trusting anything inside the network perimeter. Trust Level 1 means verifying everything before granting access.

This is different than the old trust-but-verify method. Trust Level 1 focuses on verify then trust, and often verify again.

To successfully pass a Trust Level 1 assessment, an organization must demonstrate advanced security controls implemented in the following areas:

Patching, Backups, Tool Deployment, Identity and Access Management.

These items are audited by a third party at least every 90 days.

TRUST LEVEL 2 – Telemetry, Training and Response

Trust Level 2 is achieved by looking for trouble. Examples include properly configuring log analysis tools, log aggregation and training. Training is focused on quickly recognizing threats and swiftly responding to eradicate them from the environment.

Organizations that achieve Trust Level 2 have a rigorous new member education protocol that includes training on virus removal, log analysis, and security controls.

These organizations also have documented breach response protocols.

Trust Level 2 is renewed on a 90-day interval via ongoing training, threat recognition, third-party auditing, and testing.