
NIST SP 1800-35 (4th Preliminary Draft)

Implementing a Zero Trust Architecture

Date Published: July 31, 2024
Comments Due: September 30, 2024 (public comment period is CLOSED)
Email Questions to: nccoe-zta-project@list.nist.gov

Announcement

The NIST National Cybersecurity Center of Excellence (NCCoE) has released the fourth version of our preliminary draft practice guide, Implementing a Zero Trust Architecture (NIST SP 1800-35), for public comment. This publication outlines results and best practices from the NCCoE effort to work with 24 vendors to demonstrate end-to-end zero trust architectures.

Starting with this release, we are introducing our traditional NIST SP 1800-35 document in two formats: one High-Level Document in PDF Format and one Full Document in Web Format. The document in PDF format is meant to serve as introductory reading with insight into the project effort, since it provides a high-level summary of project goals, reference architecture, various ZTA implementations, and findings.

The web format document provides in-depth details about technologies leveraged, their integrations and configurations, and the use cases and scenarios demonstrated. It also contains information on the implemented security capabilities and their mappings to the NIST Cybersecurity Framework (CSF) versions 1.1 and 2.0, NIST SP 800-53r5, and security measures outlined in “EO-Critical Software” under Executive Order 14028.

Please submit comments by completing the comment template, which includes 3 tabs (“Overall” tab, “High-Level Document in PDF” tab and “Full Document in Web Format” tab). Please email the comment spreadsheet to nccoe-zta-project@list.nist.gov by September 30th, 2024.

Abstract

Keywords

enhanced identity governance (EIG); identity, credential, and access management (ICAM); microsegmentation; secure access service edge (SASE); software-defined perimeter (SDP); zero trust; zero trust architecture (ZTA)

Control Families

None selected

Documentation

Publication:
NIST SP 1800-35 high-level overview
NIST SP 1800-35 Full Document

Supplemental Material:
Comment template (xlsx)
Project homepage

Document History:
08/09/22: SP 1800-35 (Draft)
07/19/23: SP 1800-35 (Draft)
08/22/23: SP 1800-35 (Draft)
07/31/24: SP 1800-35 (Draft)