The National Security Agency (NSA) published on Wednesday the first two products in a series of Zero Trust Implementation Guidelines (ZIGs) to help facilitate skilled practitioners’ implementation of zero trust.
The guidance details the technologies and processes needed to advance toward target-level zero trust capabilities, outlining steps aligned with the Department of Defense’s (DOD) zero trust strategy.
That strategy outlines how the DOD – which the Trump administration has rebranded to the Department of War – plans to fully implement a department-wide zero trust cybersecurity framework by fiscal year 2027.
Under the strategy, defense agencies must meet 91 activities to reach the “target level” of zero trust and a total of 152 activities for “advanced” zero trust.
The two NSA guidance documents published this week – the Primer and the Discovery Phase – cover the 91 target-level activities and 42 target-level capabilities for zero trust. NSA said it plans to publish Phase One and Phase Two documents that are also designed to help practitioners achieve target-level zero trust.
“Phase Three and Phase Four ZIGs cover the Advanced-level and may be developed at a later date,” according to the Primer document.
NSA said the Primer document lays out the strategy and core principles behind the development of the ZIGs, offering a comprehensive framework for how the series should be used.
The Discovery Phase document, according to an NSA press release, is meant to help organizations “establish foundational visibility and understand the critical data, applications, assets, and services, as well as access and authorization activity existing within the architecture.”
NSA recommended that system owners, cybersecurity professionals, and stakeholders review these guidelines to get a better understanding of the DOD’s zero trust activities and their organization’s operational landscape.