
Implementing a Zero Trust Architecture: High-Level Document

Published

Author(s)

Alper Kerman, Oliver Borchert, Gema Howell, Scott Rose, Murugiah Souppaya, Jason Ajmo, Yemi Fashina, Parisa Grayeli, Joseph Hunt, Jason Hurlburt, Nedu Irrechukwu, Joshua Klosterman, Oksana Slivina, Susan Symington, Allen Tan, Karen Scarfone, William Barker, Peter Gallagher, Aaron Palermo, Madhu Balaji, Adam Cerini, Rajarshi Das, Jacob Barosin, Kyle Black, Scott Gordon, Jerry Haskins, Keith Luck, Dale McKay, Sunjeet Randhawa, Brian Butler, Mike Delaguardia, Matthew Hyatt, Randy Martin, Peter Romness, Corey Bonnell, Dean Coclin, Ryan Johnson, Dung Lam, Darwin Tolbert, Tim Jones, Tom May, Christopher Altman, Alex Bauer, Marco Genovese, Andrew Campagna, John Dombroski, Adam Frank, Nalini Kannan, Priti Patil, Harmeet Singh, Mike Spisak, Krishna Yellepeddy, Nicholas Herrmann, Corey Lund, Farhan Saifudin, Madhu Dodda, Tim LeMaster, Ken Durbin, James Elliott, Earl Matthews, David Pricer, Joey Cruz, Tarek Dawoud, Carmichael Patton, Alex Pavlovsky, Brandon Stephenson, Clay Taylor, Bob Lyons, Vinu Panicker, Peter Bjork, Hans Drolshagen, Imran Bashir, Ali Haider, Nishit Kothari, Sean Morgan, Seetal Patel, Norman Wong, Zack Austin, Shawn Higgins, Rob Woodworth, Mitchell Lewars, Bryan Rosensteel, Don Coltrain, Wade Ellery, Deborah McGinn, Frank Briguglio, Ryan Tighe, Chris Jensen, Joshua Moll, Jason White, Joe Brown, Gary Bradt, Jeffrey Adorno, Syed Ali, Bob Smith

Abstract

A zero trust architecture (ZTA) enables secure authorized access to enterprise resources that are distributed across on-premises and multiple cloud environments, while enabling a hybrid workforce and partners to access resources from anywhere, at any time, from any device in support of the organization's mission. This NIST Cybersecurity Practice Guide explains how organizations can implement ZTA consistent with the concepts and principles outlined in NIST Special Publication (SP) 800-207, Zero Trust Architecture. The NCCoE worked with 24 collaborators under Cooperative Research and Development Agreements (CRADAs) to integrate commercially available technology to build 19 ZTA example implementations and demonstrate a number of common use cases. The Guide includes detailed technical information on each example ZTA implementation, providing models that organizations can emulate. The guide also summarizes best practices and lessons learned from the implementations and integrations to make it easier and more cost-effective to implement ZTA. Additionally, this guide includes mappings of ZTA principles and technologies to commonly used security standards and guidelines.
Citation
Special Publication (NIST SP) - 1800-35
Report Number
1800-35

Keywords

enhanced identity governance (EIG), identity, credential, and access management (ICAM), microsegmentation, secure access service edge (SASE), software-defined perimeter (SDP), zero trust, zero trust architecture (ZTA).

Citation

Kerman, A., Borchert, O., Howell, G., Rose, S., Souppaya, M., Ajmo, J., Fashina, Y., Grayeli, P., Hunt, J., Hurlburt, J., Irrechukwu, N., Klosterman, J., Slivina, O., Symington, S., Tan, A., Scarfone, K., Barker, W., Gallagher, P., Palermo, A., Balaji, M., Cerini, A., Das, R., Barosin, J., Black, K., Gordon, S., Haskins, J., Luck, K., McKay, D., Randhawa, S., Butler, B., Delaguardia, M., Hyatt, M., Martin, R., Romness, P., Bonnell, C., Coclin, D., Johnson, R., Lam, D., Tolbert, D., Jones, T., May, T., Altman, C., Bauer, A., Genovese, M., Campagna, A., Dombroski, J., Frank, A., Kannan, N., Patil, P., Singh, H., Spisak, M., Yellepeddy, K., Herrmann, N., Lund, C., Saifudin, F., Dodda, M., LeMaster, T., Durbin, K., Elliott, J., Matthews, E., Pricer, D., Cruz, J., Dawoud, T., Patton, C., Pavlovsky, A., Stephenson, B., Taylor, C., Lyons, B., Panicker, V., Bjork, P., Drolshagen, H., Bashir, I., Haider, A., Kothari, N., Morgan, S., Patel, S., Wong, N., Austin, Z., Higgins, S., Woodworth, R., Lewars, M., Rosensteel, B., Coltrain, D., Ellery, W., McGinn, D., Briguglio, F., Tighe, R., Jensen, C., Moll, J., White, J., Brown, J., Bradt, G., Adorno, J., Ali, S. and Smith, B. (2025), Implementing a Zero Trust Architecture: High-Level Document, Special Publication (NIST SP), National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.SP.1800-35, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=959793 (Accessed June 13, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created June 10, 2025