The National Security Agency has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, or ZIGs, to provide organizations with activities needed to advance their cybersecurity journeys.
Phase One and Phase Two outline a total of 77 activities organizations can follow to transition their zero trust implementation from discovery to target-level maturity, the agency said Friday.
The ZIG series organizes the 152 activities in the Department of War’s Zero Trust Strategy.
Military leaders will provide an update on the zero trust implementation within their respective organizations ahead of the DOW’s 2027 deadline at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Get your tickets here.
What Are the Zero Trust Implementation Guidelines?
The guidelines offer a five-phase approach to zero trust implementation, allowing organizations to customize activities to align with their unique requirements and goals.
NSA issued the first documents, Primer and Discovery Phase, under the ZIG series in January. The Discovery Phase is intended to enable organizations to identify critical data, applications, assets and services to be prioritized for zero trust implementation.
What Do the Phase One and Phase Two Guidelines Cover?
Phase One provides 36 activities that focus on establishing a secure foundation for supporting 30 zero trust capabilities, including multi-factor authentication, privileged access management, and federation and user credentialing.
Phase Two describes 41 additional activities that initiate the integration of core zero trust tools and enables 34 advanced capabilities. The document aligns with overarching guidance from the Pentagon, the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.
