The National Institute of Standards and Technology (NIST) has released a publication to help agencies establish and implement a zero-trust architecture (ZTA) for their networks and systems.
The ZTA guidance highlights the core components of the architecture that work to transition cyber defenses from wide network perimeters to assets, resources and users.
NIST noted that the guidance also includes an abstract definition for ZTA as well as use cases and deployment models designed to help fortify the security posture of information technology systems.
“Zero trust focuses on protecting resources (assets, services, workflows, network accounts, etc.), not network segments, as the network location is no longer seen as the prime component to the security posture of the resource,” according to the agency.
“ZTA strategies are already present in current federal cybersecurity policies and programs, though the document includes a gap analysis of areas where more research and standardization are needed to aid agencies in developing and implementing ZTA strategies.”
