NIST announces the publication of a Cybersecurity White Paper (CSWP), Planning for a Zero Trust Architecture: A Guide for Federal Administrators, which describes processes for migrating to a zero-trust architecture using the NIST Risk Management Framework (RMF).
Zero trust is a set of principles designed to reduce or remove implicit trust in networked systems by addressing network identity, endpoint health, and data flows.
This white paper helps system administrators and operators use the RMF when designing and implementing zero-trust architecture by describing how the steps in the RMF map to similar steps described in NIST Special Publication (SP) 800-207, Zero Trust Architecture.
The document also provides an abstract logical architecture on which to map gaps and solutions, as well as additional resources for federal agency administrators, planners, and managers.
NIST Special Publication 800-207 defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture.
These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise are needed for a zero-trust architecture to succeed in improving the enterprise security posture.
Some of these stakeholders may not be familiar with risk analysis and management.
The publication provides an overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can be applied when developing and implementing a zero-trust architecture.