CA-09: Zero Trust Network Access

CA-09 is a security control that full zero trust: never trust, always verify. every access request is validated against device health, user risk, and location. this ensures compromised devices and credentials cannot access resources. It requires that all cloud app access requires a compliant device and named locations are configured for corporate networks, location-based blocking policies are enforced, risk-based sign-in policies are active.

Full Zero Trust: never trust, always verify. Every access request is validated against device health, user risk, and location. This ensures compromised devices and credentials cannot access resources.

TrueConfig provides one-click remediation for CA-09. Creates a CA policy requiring device compliance for all cloud apps. PREREQUISITE: Intune device compliance policies must be configured.

This control requires Azure AD Premium P2 (included in Microsoft 365 E5) or standalone P2.

CA-09 is included in the Maximum Security baseline (Level 3). This level is designed for high-security environments and regulated industries.

CA-09 is rated critical because failure to implement this control significantly increases the risk of security incidents. Full Zero Trust: never trust, always verify. Every access request is validated against device health, user risk, and location. This ensures compromised devices and credentials cannot access resources.