
Gartner’s CARTA Framework

Revision as of 17:05, 21 September 2022 by User

Gartner’s CARTA Framework, also known as Continuous Adaptive Risk and Trust Assessment (CARTA), is a strategic approach to IT security that favors continuous cybersecurity assessment and contextual decision-making based on adaptive evaluations of risk and trust. CARTA was introduced by Gartner in 2010 as an evolution of its Adaptive Security Architecture.[1]


The CARTA Approach[2]
The CARTA strategic approach stipulates that effective risk and cybersecurity management require:

  • 100% device visibility and automated control
  • Continuous monitoring, assessment, and remediation of cyber and operational risk
  • Micro-segmentation to contain breaches and limit lateral movement/damage
  • Technologies and products from multiple vendors
  • New levels of multivendor orchestration and process/response automation
  • Discovery, posture assessment, and remediation/control of physical and virtual devices as well as cloud infrastructure and workloads
  • Effective security management of agentless IoT devices and cyber-physical OT systems


The Need for CARTA[3]
Given the relentless pace of investment in security tools over the past decade, you may wonder why enterprises and government organizations haven’t solved all of their security problems and still need such an all-encompassing security framework. But let’s face it: cybercriminals these days are wildly successful. The status quo simply isn’t working. Previously effective security and risk management approaches are unsuited to the rapid changes brought about by IP-connected data sharing and digital transformation. Some of these changes include:

  • Hypergrowth of non-traditional devices and OSes—most of which are agentless
  • Perimeter defenses no longer work—physical vendor access, phishing, and insider credential abuse circumvent the perimeter every day
  • Corporate device ownership has become irrelevant thanks to mobile computing, BYOD, and IoT/OT devices showing up constantly on enterprise networks
  • Point-in-time scans are old news—asset inventory and vulnerability assessment must occur continuously in real time
  • Security silos add inefficiency and delays—too many tools to learn and use and too many manual processes to keep pace with growth and unyielding pressure from hackers
  • One-time block/allow authentication methods miss the mark while impeding access to legitimate users
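
As an added illustration (not from this page or from Gartner), the following Python sketch contrasts the one-time block/allow decision criticized above with a continuous, context-driven evaluation that re-scores a device every time its posture changes; the posture fields, risk weights and thresholds are assumptions chosen for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class DevicePosture:
    """Point-in-time posture signals for one device (constructed fields)."""
    device_id: str
    managed: bool            # False for agentless IoT/OT devices
    patched: bool            # False once a vulnerability scan finds an open issue
    anomalous_traffic: bool  # True when monitoring sees unexpected lateral traffic

def risk_score(p: DevicePosture) -> int:
    """Assumed weighting; a real deployment would tune these against its own data."""
    score = 0
    if not p.managed:
        score += 30
    if not p.patched:
        score += 40
    if p.anomalous_traffic:
        score += 50
    return score

def carta_decision(p: DevicePosture, resource_sensitivity: str) -> str:
    """Contextual decision per request: 'allow', 'restrict' (micro-segment) or 'block'."""
    score = risk_score(p)
    if score >= 70:
        return "block"
    if score >= 30 and resource_sensitivity == "high":
        return "restrict"
    return "allow"

def static_decision(p: DevicePosture, allowlist: set) -> str:
    """One-time block/allow: decided once by identity, never revisited."""
    return "allow" if p.device_id in allowlist else "block"

def evaluate_session(postures, resource_sensitivity, allowlist):
    """Re-evaluate at every posture update; returns (static, continuous) decision traces."""
    static = [static_decision(p, allowlist) for p in postures]
    continuous = [carta_decision(p, resource_sensitivity) for p in postures]
    return static, continuous

# Constructed timeline: a managed, patched workstation that later fails a scan and
# then starts talking to peers it has never contacted before.
TIMELINE = [
    DevicePosture("ws-042", managed=True, patched=True, anomalous_traffic=False),
    DevicePosture("ws-042", managed=True, patched=False, anomalous_traffic=False),
    DevicePosture("ws-042", managed=True, patched=False, anomalous_traffic=True),
]

if __name__ == "__main__":
    print(evaluate_session(TIMELINE, "high", {"ws-042"}))
```

The static trace stays "allow" for the whole session because the device is on the allowlist, while the continuous trace moves to "restrict" when the scan finds an unpatched issue and to "block" once anomalous traffic appears.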

References

  1. Defining Gartner’s CARTA Framework [1]
  2. The CARTA Approach [2]
  3. Why CARTA [3]