The National Cybersecurity Center of Excellence within the National Institute of Science and Technology is soliciting public comments on its final draft of the NIST’s implementation guide on zero trust architecture, or ZTA, to help tame cyberattack risks in government and industry. The guide was developed from the findings on NCCoE’s consultations with 24 vendors on their best ZTA practices, NIST said Thursday.
Titled “Implementing a Zero Trust Architecture,” the 45-page guidance contains technical data and findings on the 19 ZTA implementations demonstrated during the vendors’ consultations.
Functional ZTA Cybersecurity Mapping
The implemented ZTAs in the guide include policy engines from Microsoft, IBM, Symantec and Palo Alto Networks. The NCCoE draft publication also provides mappings for ZTA cybersecurity functions to help an organization’s senior management understand that resources spent in ZTA implementation can also support meeting other security requirements.
In addition, the guide recommends steps that an organization adopting ZTA should take, the first of which is an inventory of such assets as software and hardware in its operating environment. Another recommendation calls for continuous ZTA improvement in response to changing cyberthreats, new technologies and shifts in organizational goals.
Submission of comments on the NIST guide have a deadline of Jan. 31.