The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) is looking for public feedback on the draft of its new practice guide, Implementing a Zero Trust Architecture.
The publication aims to remove the complexity around building a zero trust architecture (ZTA), helping organizations to move to a ZTA gradually over time.
The insights in the guide are based on a project at the NCCoE in collaboration with 24 technology providers. Together, the NCCoE and vendors demonstrated 19 sample zero trust architecture implementations in lab environments.
“Detailed technical information for each sample implementation can serve as a valuable resource for technology implementers by providing models they can replicate,” NIST said in a Dec. 4 announcement. “The lessons learned from the implementations and integrations can help organizations save time and resources.”
The guide lists the 19 example implementations in a table format with links to additional details such as technologies used, build architecture, flow diagrams, and instructions for each implementation.
The build implementation instructions “are designed to enable information technology professionals to replicate all or parts of this project,” the guide says.
Organizations can see which build best suits them by first identifying which of the ZTA approaches – enhanced identity governance (EIG), software-defined perimeter (SDP), microsegmentation, or secure access service edge (SASE) – meets their needs. Based on their selection, organizations can then click on the links in the table to view the details of the relevant builds.
“This is the last draft being released for comment before the document will be finalized,” NIST said. The agency is looking for comments on the draft guide by Jan. 31, 2025.
