Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

NIST SP 1800-35 (2nd Preliminary Draft)

Implementing a Zero Trust Architecture (Volume E, Risk and Compliance Management)

Date Published: September 12, 2023
Comments Due: October 31, 2023 (public comment period is CLOSED)
Email Questions to:


The Zero Trust Architecture (ZTA) team at NIST's National Cybersecurity Center of Excellence (NCCoE) has released the second version of volume E of a preliminary draft practice guide titled Implementing a Zero Trust Architecture and is seeking the public's comments on the contents. 

This guide summarizes how the NCCoE and its collaborators are using commercially available technology to build interoperable, open standards-based ZTA example implementations that align to the concepts and principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture

Volume E provides a risk analysis and mapping of ZTA reference design security characteristics to cybersecurity standards and recommended practices. The updated version also includes mappings from the vendor products that have been implemented so far to applicable cybersecurity standards and recommended practices.

The public comment period for Volume E is open through October 31st, 2023.  Please note that Vol. A, B, and C are the previous versions and do not require reviews; also, Volume D is open for public comment until October 9th, 2023.



enhanced identity governance (EIG); identity, credential, and access management (ICAM); zero trust; zero trust architecture (ZTA)
Control Families

None selected