NIST to Test Federal "Zero Trust" Security Architectures

NCCoE — part of the National Institute of Standards and Technology, which released its definition of zero trust for public comment in late September — is “about to walk on that journey of zero trust and begin to build out some different security architectures that model some of the work in government and perhaps financial institutions to be able to think about where you can use some of the knobs and levers over time,” Donna Dodson, chief cybersecurity adviser at NIST, said Thursday in reference to the strong cybersecurity tools already available in government.

Zero trust refers to the narrowing of cyberdefenses from wide network perimeters to micro-perimeters around individual or small groups of resources, according to NIST.

Many agencies already have elements of zero-trust architectures in place. For instance, some have “great authentication capabilities,” but they may not use them enough or in the right situations, Dodson said at the Ignite ’19 Cybersecurity Conference on Thursday.

While many employees want to plug in their personal identity verification card on Monday, when they log on to their agency’s network, and take it with them when they log out on Friday, that’s not always appropriate, she added.

“We need to be able to take what we have in place today and perhaps augment it a bit so that we can dial the knobs for individuals or for different roles within the organization,” Dodson said.


Read more at: Fed Scoop