The National Institute of Standards and Technology has published a planning guide for federal administrators that outlines how the NIST Risk Management Framework can be applied in implementing a zero trust architecture.
Scott Rose, a computer scientist within the wireless networks division at NIST’s Communications Technology Laboratory, detailed risk management concepts in the white paper for administrators and operators looking to deploy a zero trust infrastructure to safeguard their network assets against cyber threats, NIST said Friday.
Rose said the RMF lays out an approach that includes a set of steps and tasks integrated into enterprise risk analysis, planning, development and operations. These steps are grouped into seven actions: prepare, categorize, select, implement, assess, authorize and monitor.
“Administrators who normally do not perform the steps and tasks detailed in the RMF may find that they will need to become familiar with them as they migrate to a ZTA,” Rose said.
He noted that zero trust infrastructure implementation will depend on the workflow being analyzed and the resources used in performing that function.
“Zero trust is not a single technology solution, but a larger cybersecurity strategy and operational practice. A successful zero trust architecture requires the cooperation of cybersecurity planners, management, and administration/operations,” Rose added.