The National Institute of Standards and Technology (NIST) - National Cybersecurity Center of Excellence (NCCoE)) released for public comment (open until Sept. 3): “Implementing a Zero Trust Architecture (NIST SP 1800-35 v.4)”
This guide outlines #bestpractices for the implementation of #zerotrust architectures (ZTAs) to assist organizations with implementing a plan to gradually evolve their existing environments and technologies to #ZTAs over time.
Further, the guide recommends that organizations wanting to deploy and implement #ZT embark on a journey that includes the following steps:
- Discover and inventory the existing environment;
- Formulate access policy to support the mission and business use cases;
- Identify existing #security capabilities and technology;
- Eliminate gaps in ZT policy and processes by applying a risk-based approach based on the value of #data;
- Implement #ZTA components (people, process, and technology) and incrementally leverage deployed security solutions;
- Verify the implementation to support ZT outcomes;
- Continuously improve and evolve due to changes in threat landscape, mission, technology, and regulations.
By following the guide, organizations should be better positioned to implement a ZTA that:
- Supports user access to resources regardless of user location or device (managed or unmanaged);
- Protects sensitive #information and other business assets and processes regardless of their location (on-premises or #cloud-based);
-Limits #breaches by making it harder for attackers to move through an environment and by addressing insider #threats;
- Performs continuous, real-time monitoring, logging, and #risk-based assessment and enforcement of corporate policy.
Wow, it looks like GovCIO does an amazing job to attract rock star talent!! #LeanIn