Requesting Public Comment | NIST Guidance on Implementing a Zero Trust Architecture

National Institute of Standards and Technology (NIST) sent this bulletin at 12/04/2024 01:41 PM EST
NIST

View As Web Page
Header

National Cybersecurity Center of Excellence

Requesting Public Comment | NIST Guidance on Implementing a Zero Trust Architecture

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the draft of the practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort working with 24 vendors to demonstrate end-to-end zero trust architectures.

As an enterprise’s data and resources have become distributed across on-premises and multiple cloud environments, protecting them has become increasingly challenging. Many users need options to access information across the globe, at all hours, across devices. The NCCoE addressed these unique challenges by collaborating with industry participants to demonstrate 19 sample zero trust architecture implementations.

Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate. The lessons learned from the implementations and integrations can help organizations save time and resources.

Two resources of NIST SP 1800-35 have been released. The “High-Level Document in PDF Format” serves as introductory reading with insight into the project effort, including a high-level summary of project goals, reference architecture, various ZTA implementations, and findings.

The “Full Document in Web Format” provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.

This is the last draft being released for comment before the document will be finalized.

We Want to Hear from You!

We welcome your input and look forward to your comments by January 31, 2025. We also invite you to join our mailing list to receive news and updates about this project.  

 

Comment Now

NIST Cybersecurity and Privacy Program

Questions/Comments about this notice: nccoe-zta-coi@list.nist.gov  

NCCoE Website questions: nccoe@nist.gov