NIST SPECIAL PUBLICATION 1800-35A
Implementing a Zero Trust Architecture
Volume A: Executive Summary
Alper Kerman
Murugiah Souppaya
National Institute of Standards and Technology
Rockville, Maryland
Dr. Parisa Grayeli
Susan Symington
The MITRE Corporation
McLean, Virginia
June 2022
PRELIMINARY DRAFT
This publication is available free of charge from
https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture
Executive Summary
As an enterprise’s data and resources have become distributed across the on-premises environment and multiple clouds, protecting them has become increasingly challenging. Many users need access from anywhere, at any time, from any device to support the organization’s mission. Data is programmatically stored, transmitted, and processed across different organizations’ environments, which are distributed across on-premises and the cloud to meet ever-evolving business use cases. It is no longer feasible to simply protect data and resources at the perimeter of the enterprise environment and assume that all users, devices, applications, and services within it can be trusted.
A zero-trust architecture (ZTA) enables secure authorized access to each individual resource, whether located on-premises or in the cloud, for a hybrid workforce and partners based on an organization’s defined access policy. For each access request, ZTA explicitly verifies the context available at access time—this includes the requester’s identity and role, the requesting device’s health and credentials, and the sensitivity of the resource. If the defined policy is met, a secure session is created to protect all information transferred to and from the resource. A real-time and continuous policy-driven, risk-based assessment is performed to establish and maintain the access.
This guide summarizes how the National Cybersecurity Center of Excellence (NCCoE) and its collaborators are using commercially available technology to build interoperable, open standards-based ZTA implementations that align to the concepts and principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture. As the project progresses, this preliminary draft will be updated, and additional volumes will also be released for comment.
CHALLENGE
Organizations would like to adopt a ZTA, but they have been facing some challenges which may include:
Leveraging existing investments and balancing priorities while making progress toward a ZTA
ZTA deployment requiring leveraging integration of many deployed existing technologies of varying maturities and identifying technology gaps to build a complete ZTA
Concern that ZTA might negatively impact the operation of the environment or end-user experience
Lack of common understanding of ZTA across the organization, gauging the organization’s ZTA maturity, determining which ZTA approach is most suitable for the business, and developing an implementation plan
This preliminary practice guide can help your organization:
Identify milestones for gradually integrating ZTA into your environment, based on the demonstrated examples and using a risk-based approach, to:
Support teleworkers with access to resources regardless of user location or user device (managed or unmanaged)
Protect resources regardless of their location (on-premises or cloud-based)
Limit the insider threat (insiders are not automatically trusted)
Limit breaches (reduce attackers’ ability to move laterally in the environment)
Protect sensitive corporate information with data security solution