The NIST National Cybersecurity Center of Excellence (NCCoE) has released the initial public draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.
Two resources of NIST SP 1800-35 have been released. One is the “High-Level Document in PDF Format,” which serves as introductory reading with insight into the project effort including a high-level summary of project goals, reference architecture, various ZTA implementations, and findings.
The “Full Document in Web Format” provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.
Please submit comments by completing the comment template which includes two tabs (“High-Level Document in PDF” and “Full Document in Web Format”). Please email the comment spreadsheet to [email protected] by January 31, 2025.