New guidance from the National Institute of Standards and Technology (NIST) adds to the growing toolkit of zero trust resources available to security professionals across organizations. Released in June, the publication offers starting points for building zero trust architectures, a comprehensive strategy that secures access to corporate applications, legacy systems, data, and devices from any location at any time.
What is Zero Trust Architecture?
Traditional network security approaches rely on perimeter-based protection, where devices that gain network entry can then access a network’s internal data, applications, and other resources. However, with the surge in cloud services and telework, many organizations no longer have clearly-defined perimeters. Zero trust architecture (ZTA) addresses this challenge by assuming that no user or device can be trusted, regardless of its location or previous verification.
NIST’s resource, Implementing a Zero Trust Architecture (NIST Special Publication (SP) 1800-35), outlines results and best practices from a National Cybersecurity Center of Excellence (NCCoE) project, detailing 19 example implementations of ZTAs built using commercial, off-the-shelf technologies. It also offers results and best practices from the 24 industry collaborators who participated in the project.
“This guidance gives you examples of how to deploy ZTAs and emphasizes the different technologies you need to implement them,” Alper Kerman, a NIST computer scientist and co-author of the publication, said. “It can be a foundational starting point for any organization constructing its own ZTA.”
NIST reports that the new guidance updates the 2020 publication, Zero Trust Architecture (NIST SP 800-207), a high-level document that describes zero trust at the conceptual level. “While the earlier publication discussed how to deploy a ZTA and offered models, the new publication gives users more help addressing their own needs, which can be a substantial task when implementing ZTA,” according to NIST.
Access more information on the guidance via NIST’s news release and access additional cybersecurity news and resources via ANSI’s website.
