Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Summary
NIST is working with industry to define the fundamental tenets of Zero Trust Architecture (ZTA) and research, develop and standardize the technologies and practices necessary to apply ZTA to critical and emerging network technologies. ZTA is an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. ZTA grants no implicit trust to assets or user accounts based solely on their logical, physical or network location and requires explicit authorization and authentication of each instance of resource access or communication.
Major Accomplishments
- 2024 - NIST begins work with the O-RAN Alliance and ATIS to fully incorporate zero trust archtiecture into emerging standards for 5G and 6G wireless standards.
- 2023 - NIST publishes Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments (NIST SP 800-207A).
- 2020 - NIST publishes Zero Trust Architecture (NIST SP 800-207) defining the basic tenets and deployment models of ZTA.
See Additional Details below for additional NIST contributions from this project.
Zero Trust Networks
Product | Reference |
|---|---|
NIST Publication | Borchert O., Kerman A., Rose S., Souppaya M., et. al., Implementing a Zero Trust Architecture - NIST Special Publication 1800-35D, NCCoE - Preliminary Draft, August 2023.
|
NIST Publication | Borchert O., Howell G., Kerman A., Rose S., Souppaya M., et. al., Implementing a Zero Trust Architecture - NIST Special Publication 1800-35B, Preliminary Draft, July 2023.
|
Presentation, Invited | Rose S., Borchert O., Zero Trust Archtecture, ATIS TOPS Enhanced Zero Trust and 5G Meeting Series, February 2023. |
NIST Publication | Rose S., Planning for a Zero Trust Architecture: A Guide for Federal Administrators, Cybersecurity White Paper, National Institute of Standards and Technology (Gaithersburg MD)., May 2022. |
Presentation | Rose S., Kerman A., Zero Trust Architecture, Presentation to the National Security Telecommunications Advisory Council, September 2021. |
Presentation | Rose S., Zero Trust Architecture, European Identity and Cloud Conference 2021, September 2021. |
White Paper | Rose S., Planning for a Zero Trust Architecture: A Starting Guide for Administrators, NIST Cybersecurity White Paper, August 2021. |
Presentation, Invited | Rose S., Finding Order in Chaos: A Conceptual Framework for Zero Trust, RSA Conference Executive Security Action Forum, January 2021. |
White Paper | Kerman A., Borchert O., Rose S., Division E., Tan A., Implementing a Zero Trust Architecture, NCCoE Project Description (Final), October 2020. |
NIST Publication | Rose S., Borchert O., Mitchell S., Connelly S., Zero Trust Architecture, National Institute of Standards and Technology Special Publication (SP) 800-207, August 2020.
|
Presentation | Rose S., Jones J., Deploying Zero Trust for Federal Agencies, M3AAWG 48th General Meeting, San Francisco CA, February 2020. |
Presentation | Rose S., NIST SP 800-207 Draft Status Update, Zero Trust Architecture Technical Exchange Meeting, NCCoE, November 2019. |
Collaborators = Amazon Web Services, Appgate, Broadcom Software, Cisco Systems, Department of Homeland Security, DigiCert, F5, Forescout, Google Cloud, IBM, Ivanti, Lookout, MITRE, Mandiant, Microsoft, Okta, PC Matic, Palo Alto Networks, Ping Identity, Radiant Logic, SailPoint, Stu2Labs, Tenable, Trellix, VMware, Zimperium, Zscaler