NIST SPECIAL PUBLICATION 1800- 35B
Implementing a Zero Trust Architecture
Volume B:
Approach, Architecture, and Security Characteristics
Oliver Borchert
Gema Howell
Alper Kerman
Scott Rose
Murugiah Souppaya
National Institute of Standards
and Technology
Rockville, MD
Jason Ajmo
Yemi Fashina Dr. Parisa Grayeli
Joseph Hunt
Jason Hurlburt
Nedu Irrechukwu
Josh ua Klosterman
Kenneth Sandlin
Oksana Slivina
Susan Symington
Allen Tan
The MITRE Corporation
McLean, VA
Karen Scarfone
Scarfone Cybersecurity
Clifton, VA
Michael Friedrich
Peter Gallagher
Appgate
Coral Gables, F L
Adam Cerini
Conrad Fernandes
AWS ( Amazon Web Services )
Arlington, VA
Kyle Black
Sunjeet Randhawa
Broadcom Software
San Jose, CA
Peter Romness
Steve Vetter
Cisco
Herndon, VA
Corey Bonnell
Dean Coclin
DigiCert
Lehi, UT
Ryan Johnson
Dung Lam
F5
Seattle, WA
Tim Jones
Tom May
Forescout
San Jose, CA
Tim Knudson
Google Cloud
Mill Valley, CA
Mike Spisak
Harmeet Singh
IBM
Armonk, NY
Corey Lund
Farhan Saifudin Ivanti
South Jordan, UT
Hashim Khan
Tim LeMaster
Lookout
Reston, VA
Ken Durbin
Earl Matthews
Mandiant
Reston, VA Clay Taylor
Tarek Dawoud
Microsoft
Redmond, WA
Vinu Panicker
Okta
San Francisco, CA
Sean Morgan
Palo Alto Networks
Santa Clara, CA
Zack Austin
PC Matic
Myrtle Beach, SC
Bryan Rosensteel
Ivan Anderson
Ping Identity
Denver, CO
Wade Ellery
Deborah McGinn Radiant Logic
Novato, CA
Frank Briguglio
Ryan Tighe SailPoint
Austin, TX Chris Jensen
Joshua Moll
Tenable
Columbia, MD
Jason White
Trellix , Public Sector
Reston, VA
Jacob Rapp
Paul Mancuso
VMware Palo Alto, CA
Joe Brown
Jim Kovach
Zimperium
Dallas, TX
Bob Smith
Syed Ali
Zscaler
San Jose, CA
July 2022
PRELIMINARY DRAFT
This publication is available free of charge from
https://www.nccoe.nist.gov/projects/implementing-zero -trust -architecture
PRELIMINARY DRAFT
DISCLAIMER 1
Certain commercial entities, equipment, products, or materials may be identified by name or company 2
logo or other insignia in order to acknowledge their participation in this collaboration or to describe an 3
experimental procedure or concept adequately. Suc h identification is not intended to imply special 4
status or relationship with NIST or recommendation or endorsement by NIST or NCCoE; neither is it 5
intended to imply that the entities, equipment, products, or materials are necessarily the best available 6
for the purpose. 7
While NIST and the NCCoE address goals of improving management of cybersecurity and privacy risk 8
through outreach and application of standards and best practices, it is the stakeholder’s responsibility to 9
fully perform a risk assessment to i nclude the current threat, vulnerabilities, likelihood of a compromise, 10
and the impact should the threat be realized before adopting cybersecurity measures such as this 11
recommendation. 12
National Institute of Standards and Technology Special Publication 180 0-35B , Natl. Inst. Stand. Technol. 13
Spec. Publ. 1800 -35B , 113 pages, ( July 2022), CODEN: NSPUE2 14
FEEDBACK 15
You can improve this guide by contributing feedback. As you review and adopt this solution for your 16
own organization, we ask you and your colleagues to share your experience and advice wi th us. 17
Comments on this publication may be submitted to: nccoe- zta-project@list.nist.gov . 18
Public comment period: July 7, 2022 through August 8, 2022 19
All comments are subject to release under the Freedom of Information Act. 20
National Cybersecurity Center of Excellence 21
National Institute of Sta ndards and Technology 22
100 Bureau Drive 23
Mailstop 2002 24
Gaithersburg, MD 20899 25
Email: nccoe@nist.gov
26 NIST SP 1800- 35B: Implementing a Zero Trust Arch
NIST.SP.1800-35b-preliminary-draft
安全标准 >
NIST >
文档预览
中文文档
127 页
50 下载
1000 浏览
0 评论
0 收藏
3.0分
温馨提示:本文档共127页,可预览 3 页,如浏览全部内容或当前文档出现乱码,可开通会员下载原始文档
本文档由 思安 于 2022-12-05 09:16:49上传分享