The National Institute of Standards and Technology’s (NIST) National Cybersecurity Center of Excellence (NCCoE) has selected technology collaborators who have signed a Cooperative Research and Development Agreement with NIST for its “Implementing a Zero Trust Architecture” project.
Selected were Amazon Web Services, Appgate, Cisco, F5 Networks, FireEye, Forescout, IBM, Ivanti, Lookout, McAfee, Microsoft, Okta, Palo Alto Networks, PC Matic, Radiant Logic, SailPoint Technologies, Symantec (Broadcom), Tenable and Zscaler.
This project is moving into the design and build phase. You can learn more about the NCCoE project on zero trust by reading the Implementing a Zero Trust Architecture Project Description. A brief overview of the project is also available in this two-page fact sheet.
The proliferation of cloud computing, mobile device use, and the Internet of Things has dissolved traditional network boundaries. Hardened network perimeters alone are no longer effective for providing enterprise security in a world of increasingly sophisticated threats. Zero trust is a design approach to architecting an information technology (IT) environment that could reduce an organization’s risk exposure in a “perimeter-less” world.
The NCCoE initiated this project in collaboration with industry participants to demonstrate several approaches to a zero trust architecture—applied to a conventional, general purpose enterprise IT infrastructure—which will be designed and deployed according to the concepts and tenets documented in NIST Special Publication (SP) 800-207, Zero Trust Architecture. The example implementations will integrate commercial and open-source products that leverage cybersecurity standards and recommended practices to showcase the robust security features of zero trust architectures. For further reference, see the Federal Register Notice or the project description.
This project will result in a NIST Cybersecurity Practice Guide, a publicly available description of the practical steps needed to implement the cybersecurity reference designs for zero trust.
Organizations participating in this project submitted their capabilities in response to an open call in the Federal Register for all sources of relevant security capabilities from academia and industry (vendors and integrators).