The NIST National Cybersecurity Center of Excellence (NCCoE) has released the fourth version of our preliminary draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.
Starting with this release, we are introducing our traditional NIST SP 1800-35 document in two formats; one “High-Level Document in PDF Format” and one “Full Document in Web Format.” The document in PDF format is meant to serve as introductory reading with insight into the project effort (since it provides a high-level summary of project goals, reference architecture, various ZTA implementations, and findings).
The web format document provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.
The comment period for this draft practice guide has closed. Thank you to everyone who shared their feedback with us.