NIST Issuing Revised Draft of Zero Trust Guidance for Public Comment

The notion of zero trust networks and architecture intended to support better cybersecurity is often misunderstood. Cyber experts at the National Institute of Standards and Technology have put out a document to help. It’s called Zero Trust Architecture Special Publication 800-207. NIST computer scientist Scott Rose said the publication is meant to help generate a “conceptual framework” for agencies and cybersecurity experts to apply zero trust principles within their enterprise — both in their network infrastructure and how they actually do operations.

Zero Trust typically means the security belief that organizations should not automatically trust everything accessing their systems, and should be more selective about who can connect with what and why. It’s not a single technology solution, Rose clarified.

NIST hopes zero trust doesn’t bring headaches for users, in the form of repeatedly entering credentials to complete tasks. The zero trust demonstration project planned to launch at the National Cybersecurity Center of Excellence will examine user experience. Rose said the principle of the architecture is that all access be authenticated and authorized is not to say some background technologies can’t be used. User experience can affect changes in user behavior.


Read more at: Federal News Network