Implementing a Zero Trust Architecture

Conventional network security has focused on perimeter defenses, but many organizations no longer have a clearly defined perimeter. To protect a modern digital enterprise, organizations need a comprehensive strategy for secure “anytime, anywhere” access to their corporate resources (e.g., applications, legacy systems, data, and devices), regardless of where those resources are located.

Publications

End-to-end zero trust architecture implementations to help industry and government reduce the risk of cyber attack

The National Cybersecurity Center of Excellence (NCCoE) aims to remove the shroud of complexity around designing for zero trust with “how to” guides and example approaches to implementing a zero trust architecture for several common business cases.
Status: Reviewing Comments

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the fourth version of our preliminary draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.

Starting with this release, we are introducing our traditional NIST SP 1800-35 document in two formats: a “High-Level Document in PDF Format” and a “Full Document in Web Format.” The PDF document is meant to serve as introductory reading, providing a high-level summary of the project goals, the reference architecture, the various ZTA implementations, and the findings.

The web format document provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.

The comment period for this draft practice guide has closed. Thank you to everyone who shared their feedback with us.

NIST SP 1800-35 Implementing a Zero Trust Architecture: High-level Overview (4th Preliminary Draft in PDF Format)
NIST SP 1800-35 Implementing a Zero Trust Architecture: Full Document (4th Preliminary Draft in Web Format)

Project Abstract

The proliferation of cloud computing, mobile device use, and the Internet of Things has dissolved conventional network boundaries. The workforce is more distributed, with remote workers who need access to resources anytime, anywhere, and on any device, to support the mission. Organizations must evolve to provide secure access to company resources from any location and asset, protect interactions with business partners, and shield client-server as well as inter-server communications.  

The NCCoE initiated this project in collaboration with industry participants to demonstrate several approaches to a zero trust architecture applied to a conventional, general-purpose enterprise information technology (IT) infrastructure, on premises and in the cloud, designed and deployed according to the concepts and tenets documented in NIST Special Publication (SP) 800-207, Zero Trust Architecture. The example implementations integrate commercial and open-source products that leverage cybersecurity standards and recommended practices to showcase the robust security features of zero trust architectures.

This project is developing a NIST Cybersecurity Practice Guide, a publicly available description of the practical steps needed to implement the cybersecurity reference designs for zero trust. 


Collaborating Vendors

Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators). The following respondents with relevant capabilities or product components (identified as “Technology Partners/Collaborators” herein) signed a Cooperative Research and Development Agreement to collaborate with NIST in a consortium to build this example solution.


Federal CIO Council Efforts 

Since late 2018, National Institute of Standards and Technology (NIST) and NCCoE cybersecurity researchers have had the opportunity to work closely with the Federal Chief Information Officer (CIO) Council, federal agencies, and industry to address the challenges and opportunities for implementing zero trust architectures across U.S. government networks. This work resulted in publication of NIST Special Publication (SP) 800-207, Zero Trust Architecture.  

In November 2019, the NCCoE and the Federal CIO Council cohosted a Zero Trust Architecture Technical Exchange Meeting that brought together zero trust vendors and practitioners from government and industry to share successes, best practices, and lessons learned in implementing zero trust in the federal government and the commercial sector. 

The NCCoE project builds on this body of knowledge. We continue to share lessons learned with the Federal CIO Council and look forward to their continued feedback to inform NCCoE cybersecurity guidance and identify future challenges in this space. 

Join the Community of Interest


A Community of Interest (COI) is a group of professionals and advisors who share business insights, technical expertise, challenges, and perspectives to guide NCCoE projects. COIs often include experts, innovators, and everyday users of cybersecurity and privacy technologies. Share your expertise and consider becoming a member of this project's COI. 
