Open for Public Comment | NIST Publication on Implementing Zero Trust Architecture
The NIST National Cybersecurity Center of Excellence (NCCoE) has released the fourth version of our preliminary draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.
As an enterprise’s data and resources have become distributed across on-premises and multiple cloud environments, protecting them has become increasingly challenging. Many users need options to access information across the globe, at all hours, across devices. The NCCoE is addressing these unique challenges by collaborating with industry participants to demonstrate 17 sample zero trust architecture implementations (applied to a conventional, general-purpose enterprise IT infrastructure).
Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate. The lessons learned from the implementations and integrations can help organizations save time and resources.
Starting with this release, we are introducing our traditional NIST SP 1800-35 document in two formats; one “High-Level Document in PDF Format” and one “Full Document in Web Format.”
The document in PDF format is meant to serve as introductory reading with insight into the project effort (since it provides a high-level summary of project goals, reference architecture, various ZTA implementations, and findings).
The web format document provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.
We Want to Hear from You!
We welcome your input and look forward to your comments by September 30, 2024. We also invite you to join our mailing list to receive news and updates about this project.