The National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) on June 11 published its final practice guide – Implementing a Zero Trust Architecture (NIST SP 1800-35).
The guide, NIST said, “outlines results and best practices from the NCCoE effort featuring work with 24 vendors to demonstrate end-to-end Zero Trust Architectures.”
In total, the guide demonstrates 19 sample zero trust architecture implementations, the agency said.
“Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate,” NIST said, adding that “the best practices and lessons learned from the implementations and integrations can help organizations save time and resources.”
“Switching from traditional protection to zero trust requires a lot of changes. You have to understand who’s accessing what resources and why,” commented Alper Kerman, a NIST computer scientist and co-author of the publication.
“Also, everyone’s network environments are different, so every ZTA is a custom build. It’s not always easy to find ZTA experts who can get you there,” Kerman added.
“This guidance gives you examples of how to deploy ZTAs and emphasizes the different technologies you need to implement them,” Kerman said. “It can be a foundational starting point for any organization constructing its own ZTA.”