The National Institute of Standards and Technology has released draft guidelines for implementing a “zero-trust” architecture for government networks in line with existing cybersecurity requirements. Zero-trust architecture is mostly focused on data protection but can also be applied to functionalities at an enterprise level.
According to NIST, ZTA can support agencies’ information technology modernization operations including cloud migration and continuous diagnostics and mitigation. A ZTA-based enterprise environment also warrants constant risk assessments as though hostile elements are already in place within a network.
“Organizations need to implement effective information security and resiliency practices for zero trust to be effective,” the document stated. “When complemented with existing cybersecurity policies and guidance, identity and access management, continuous monitoring, and general cybersecurity, ZTA can reinforce an organization’s security posture using a managed risk approach and protect against common threats.”
NIST will accept feedback on the guidelines through Nov. 22.