NIST SPECIAL PUBLICATION 1800- 35C
Implementing a Zero Trust Architecture
Volume C:
How -To Guides
Gema Howell
Alper Kerman
Murugiah Souppaya
National Institute of
Standards and Technology
Gaithersburg, MD
Jason Ajmo
Yemi Fashina Parisa Grayeli
Joseph Hunt
Jason Hurlburt
Nedu Irrechukwu
Joshua Klosterman
Oksana Slivina
Susan Symington
Allen Tan
The MITRE Corporation
McLean, VA
Peter Gallagher
Aaron Palermo
Appgate
Coral Gables, FL
Adam Cerini
Conrad Fernandes
AWS (Amazon Web Services)
Arlington, VA
Kyle Black
Sunjeet Randhawa
Broadcom Software
San Jose, CAAaron Rodriguez
Micah Wilson
Cisco
Herndon, VA
Corey Bonnell
Dean Coclin
DigiCert
Lehi, UT
Ryan Johnson
Dung Lam
F5
Seattle, WA
Neal Lucier
Tom May
Forescout
San Jose, CA
Tim Knudsen
Google Cloud
Mill Valley, CA
Harmeet Singh
Krishna Yellepeddy
IBM
Armonk, NY
Corey Lund
Farhan Saifudin
Ivanti
South Jordan, UTHashim Khan Tim LeMaster
Lookout
Reston, VA
James Elliott
David Pricer
Mandiant
Reston, VA
Clay Taylor
Tarek Dawoud
Microsoft
Redmond, WA
Vinu Panicker
Okta
San Francisco, CA
Andrew Keffalas
Norman Wong
Palo Alto Networks
Santa Clara, CA
Rob Woodworth
Shawn Higgins
PC Matic
Myrtle Beach, SC
Bryan Rosensteel
Ivan Anderson
Ping Identity
Denver, COWade Ellery
John Petrutiu
Radiant Logic
Novato, CA
Frank Briguglio
Ryan Tighe
SailPoint
Austin, TX
Chris Jensen
Joshua Moll
Tenable
Columbia, MD
Jason White
Trellix, Public Sector
Reston, VA
Jacob Rapp
Paul Mancuso
VMware
Palo Alto, CA
Joe Brown
Jim Kovach
Zimperium
Dallas, TX
Bob Smith
Syed Ali
Zscaler
San Jose, CA
August 2022
PRELIMINARY DRAFT
This publication is available free of charge from
h
ttps://www.nccoe.nist.gov/projects/implementing -zero -trust -architecture
PRELIMINARY DRAFT
NIST SP 1800- 35C: Implementing a Zero Trust Architecture ii DISCLAIMER 1
Certain commercial entities, equipment, products, or materials may be identified by name or company 2
logo or other insignia in order to acknowledge their participation in this collaboration or to describe an 3
experimental procedure or concept adequately. Suc h identification is not intended to imply special 4
status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it 5
intended to imply that the entities, equipment, products, or materials are necessarily the best available 6
for the purpose. 7
While NIST and the NCCoE address goals of improving management of cybersecurity and privacy risk 8
through outreach and application of standards and best practices, it is the stakeholder’s responsibility to 9
fully perform a risk assessment to i nclude the current threat, vulnerabilities, likelihood of a compromise, 10
and the impact should the threat be realized before adopting cybersecurity measures such as this 11
recommendation. 12
National Institute of Standards and Technology Special Publication 180 0-35C, Natl. Inst. Stand. Technol. 13
Spec. Publ. 1800 -35C, 83 pages, ( August 2022), CODEN: NSPUE2 14
FEEDBACK 15
You can improve this guide by contributing feedback. As you review and adopt this solution for your 16
own organization, we ask you and your colleagues to share your experience and advice wi th us. 17
Comments on this publication may be submitted to: nccoe- zta-project@list.nist.gov . 18
Public comment period: August 9 , 2022 through September 9, 2022 19
All comments are subject to release under the Freedom of Information Act. 20
National Cybersecurity Center of Excellence 21
National Institute of Standards and Technology 22
100 Bureau Drive 23
Mailstop 2002 24
Gaithersburg, MD 20899 25
Email: nccoe@nist.gov
26 PRELIMINARY DRAFT
NIST SP 1800- 35C: Implementing a Zero Trust Architecture iii NATIONAL CYBERSECURITY CENTER OF EXCELLE NCE 27
NIST.SP.1800-35c-preliminary-draft
安全标准 >
NIST >
文档预览
中文文档
83 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共83页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2022-12-05 09:21:59上传分享