The National Security Agency has published Phase One and Phase Two of its Zero Trust Implementation Guidelines, or ZIGs, to provide organizations with activities needed to advance their cybersecurity journeys.
Phase One and Phase Two outline a total of 77 activities organizations can follow to transition their zero trust implementation from discovery to target-level maturity, the agency said Friday.
The ZIG series organizes the 152 activities in the Department of War’s Zero Trust Strategy.
Military leaders will provide an update on the zero trust implementation within their respective organizations ahead of the DOW’s 2027 deadline at the Potomac Officers Club’s 2026 Cyber Summit on May 21. Get your tickets here.
Table of Contents
What Are the Zero Trust Implementation Guidelines?
The guidelines offer a five-phase approach to zero trust implementation, allowing organizations to customize activities to align with their unique requirements and goals.
NSA issued the first documents, Primer and Discovery Phase, under the ZIG series in January. The Discovery Phase is intended to enable organizations to identify critical data, applications, assets and services to be prioritized for zero trust implementation.
What Do the Phase One and Phase Two Guidelines Cover?
Phase One provides 36 activities that focus on establishing a secure foundation for supporting 30 zero trust capabilities, including multi-factor authentication, privileged access management, and federation and user credentialing.
Phase Two describes 41 additional activities that initiate the integration of core zero trust tools and enables 34 advanced capabilities. The document aligns with overarching guidance from the Pentagon, the Cybersecurity and Infrastructure Security Agency and the National Institute of Standards and Technology.
Related Articles
U.S. defense contractors, tech companies, government agencies and academia are collaborating to develop a next-generation, multi-layered missile defense shield for the homeland against hypersonic, ballistic and cruise missiles, requiring massive scaling of production, artificial intelligence integration and advancements in space-based sensors and interceptors. This defense shield, dubbed the Golden Dome, is President Donald Trump’s dream for the Pentagon. Be informed of the latest Golden Dome opportunities at the Potomac Officers Club’s 2026 GovCon Executive Leadership Summit on Feb. 26! Peder Jungck, vice president and chief technology officer of BAE Systems’ intelligence and security sector, is among the panel speakers on the
The Senate has confirmed President Donald Trump’s nominee, Gen. John Lamontagne, as the new vice chief of staff of the U.S. Air Force. According to congressional records, lawmakers voted to confirm Lamontagne on Friday. Meet top U.S. Air Force leaders at the Potomac Officers Club’s 2026 Air and Space Summit on July 30. Secure your tickets here. Who Is John Lamontagne? Lamontagne has served as commander of Air Mobility Command since September 2024. AMC, the U.S. Transportation Command’s air component, provides global airlift, air refueling, aeromedical evacuation and senior leader transport services for the joint force, allies and partners worldwide.
The General Services Administration has issued an updated IT security procedural guide outlining processes to ensure that nonfederal systems and organizations protect controlled unclassified information, or CUI, in accordance with the requirements of GSA and the National Institute of Standards and Technology. As federal agencies continue to update guidance on how contractors protect sensitive information, events like the Potomac Officers Club’s 2026 Cyber Summit offer an opportunity to stay informed about the broader federal cyber environment. Register early to save your seat at this May 21 event! Issued on Jan. 5, the document, Protecting CUI in Nonfederal Systems and Organizations