Skip to main content

NOTICE: Due to a lapse in annual appropriations, most of this website is not being updated. Learn more.

Form submissions will still be accepted but will not receive responses at this time. Sections of this site for programs using non-appropriated funds (such as NVLAP) or those that are excepted from the shutdown (such as CHIPS and NVD) will continue to be updated.

U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators

Published

Author(s)

Scott Rose

Abstract

NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides an overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can be applied when developing and implementing a zero trust architecture.
Citation
OTHER - 20
Report Number
20

Keywords

architecture, cybersecurity, enterprise, network security, risk management, Risk Management Framework, zero trust.

Citation

Rose, S. (2022), Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.20, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934243 (Accessed October 6, 2025)

Issues

If you have any questions about this publication or are having problems accessing it, please contact [email protected].

Created May 6, 2022, Updated August 25, 2023
Was this page helpful?