Planning for a Zero Trust Architecture: A Starting Guide for Administrators (Withdrawn)

Rose, Scott

doi:https://doi.org/10.6028/NIST.CSWP.20.ipd

NIST CSWP 20 (Initial Public Draft)

Obsoleted on May 06, 2022 by CSWP 20

Planning for a Zero Trust Architecture: A Starting Guide for Administrators

Date Published: August 4, 2021
Comments Due: September 3, 2021 (public comment period is CLOSED)
Email Questions to: zerotrust-arch@nist.gov

Author(s)

Scott Rose (NIST)

Announcement

This draft white paper provides a high-level overview of the NIST Risk Management Framework (NIST RMF) and how it can help in developing and implementing a zero trust architecture.

Zero trust is a set of cybersecurity principles used by stakeholders to plan and implement an enterprise architecture. Since some of these stakeholders may not be familiar with risk analysis and management, the NIST RMF provides a common set of concepts and tasks to both security planners and system operators.

Abstract

Zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides a quick overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can help in developing and implementing a zero trust architecture.

Keywords

architecture; information technology; risk; zero trust

Control Families

None selected

Documentation

Publication:
https://doi.org/10.6028/NIST.CSWP.20.ipd
Download URL

Supplemental Material:
Local Download (pdf)

Document History:
08/04/21: CSWP 20 (Draft)
05/06/22: CSWP 20 (Final)

Topics

Security and Privacy

planning, risk management, zero trust

Technologies

networks

Applications

enterprise