Date Published: March 2020
Email Comments to:
The National Cybersecurity Center of Excellence (NCCoE) at NIST is seeking comments on a draft project description that will focus on implementing a zero trust architecture.
The proliferation of cloud computing, mobile device use, and the Internet of Things has dissolved traditional network boundaries. Enterprises must evolve to provide secure user access to company resources from any location and device, protect interactions with business partners, and shield client-server as well as interserver communications.
A zero trust cybersecurity approach removes the assumption of trust from users and networks. It focuses on accessing resources in a secure manner regardless of network location, user, and device, enforcing rigorous access controls and continually inspecting, monitoring, and logging network traffic. This requires data-level protections, a robust identity architecture, and strategic micro-segmentation to create granular trust zones around an organization’s digital resources.
Zero trust evaluates access requests and network traffic behaviors in real time over the length of open connections while continually and consistently recalibrating access to the organization’s resources. Designing for zero trust enables enterprises to securely accommodate the complexity of a diverse set of business cases by informing virtually all access decisions and interactions between systems.
This NCCoE project will demonstrate a standards-based implementation of a zero trust architecture. Publication of this project description begins a process that will further identify project requirements and scope, as well as the hardware and software components for use in a laboratory environment. In the laboratory, the NCCoE will build one or more modular, end-to-end example zero trust architectures that will address a set of cybersecurity challenges aligned to the NIST Cybersecurity Framework. This project will result in a freely available NIST Cybersecurity Practice Guide.
Keywords: cybersecurity; enterprise; network security; zero trust; zero trust architecture