The National Institute of Standards and Technology (NIST) launched the final version of Special Publication (SP) 800-207 Zero Trust Architecture on August 11.
SP 800-207 details the core components of a zero-trust architecture with a focus on protecting resources rather than network segments. Although NIST wrote that zero trust is already present in the Federal environment, the new document provides a gap analysis of areas where more research and standardization are necessary to promote adoption of the cybersecurity strategy.
“Organizations need to implement comprehensive information security and resiliency practices for zero trust to be effective,” the document reads. “When balanced with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and best practices, a ZTA [zero-trust architecture] can protect against common threats and improve an organization’s security posture by using a managed risk approach.”
The new publication describes basic components of a zero-trust architecture, zero trust use cases, threats associated with zero trust, and other zero trust advice for Federal agencies.
Alper Kerman, cybersecurity engineer and project manager at NIST’s National Cybersecurity Center of Excellence, hinted at the document’s final release in May. According to Kerman, NIST is planning an opportunity for industry collaboration on its zero trust efforts later this year.