Planning for a Zero Trust Architecture: A Starting Guide for Administrators (Draft)

Rose, Scott

doi:https://doi.org/10.6028/NIST.CSWP.08042021-draft

White Paper (Draft)

Planning for a Zero Trust Architecture: A Starting Guide for Administrators

Date Published: August 4, 2021
Comments Due: September 3, 2021 (public comment period is CLOSED)
Email Questions to: zerotrust-arch@nist.gov

Author(s)

Scott Rose (NIST)

Announcement

This draft white paper provides a high-level overview of the NIST Risk Management Framework (NIST RMF) and how it can help in developing and implementing a zero trust architecture.

Zero trust is a set of cybersecurity principles used by stakeholders to plan and implement an enterprise architecture. Since some of these stakeholders may not be familiar with risk analysis and management, the NIST RMF provides a common set of concepts and tasks to both security planners and system operators.

Abstract

Zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides a quick overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can help in developing and implementing a zero trust architecture.

Keywords

architecture; information technology; risk; zero trust

Control Families

None selected

Documentation

Publication:
White Paper (DOI)

Supplemental Material:
Local Download (pdf)

Document History:
08/04/21: White Paper (Draft)

Topics

Security and Privacy
planning; risk management; zero trust

Technologies
networks

Applications
enterprise

Information Technology Laboratory

Computer Security Resource Center