Rose, S.
(2022),
Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.20, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934243
(Accessed October 8, 2025)
Official websites use .gov
A .gov website belongs to an official government organization in the United States.
Secure .gov websites use HTTPS
A lock (
) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.
Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators
Published
Author(s)
Abstract
NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides an overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can be applied when developing and implementing a zero trust architecture.Citation
OTHER - 20
Report Number
20
NIST Pub Series
Pub Type
NIST Pubs
Download Paper
Keywords
architecture, cybersecurity, enterprise, network security, risk management, Risk Management Framework, zero trust.
Citation
Issues
If you have any questions about this publication or are having problems accessing it, please contact [email protected].
Created May 6, 2022, Updated August 25, 2023