The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is looking for feedback on the fourth version of its preliminary draft practice guide, Implementing a Zero Trust Architecture.
NCCoE published the draft guide on Aug. 6, which demonstrates “17 sample zero trust architecture implementations applied to a conventional, general-purpose enterprise IT infrastructure.” The latest publication “outlines results and best practices” from NCCoE’s work with 24 vendors to develop and implement “end-to-end zero trust architecture.”
Zero trust, a policy of trusting no one by default even if they’re inside the network perimeter, has increasingly become the Federal and industry cybersecurity standard.
“As an enterprise’s data and resources have become distributed across on-premises and multiple cloud environments, protecting them has become increasingly challenging,” said NCCoE. “Many users need options to access information across the globe, at all hours, across devices.”
NCCoE released two separate formats of the document, including the “High-Level Document in PDF Format” and “Full Document in Web Format.” The PDF document serves as “introductory reading with insight into the project effort” in reference to NCCoE’s industry participants’ development of goals, architecture, and findings.
The web format includes “in-depth details” about NIST standards and best practices for technology and security.
“Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate,” said NCCoE. “The lessons learned from the implementations and integrations can help organizations save time and resources.”
Participating organizations in NCCoE’s zero trust implementation project include Google, Zscaler, Microsoft, and IBM.
Those interested in submitting comments on the draft guide must do so by Sept. 30.