Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators

Published

Author(s)

Scott Rose

Abstract

NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides an overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can be applied when developing and implementing a zero trust architecture.
Citation
OTHER - 20
Report Number
20

Keywords

architecture, cybersecurity, enterprise, network security, risk management, Risk Management Framework, zero trust.

Citation

Rose, S. (2022), Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online], https://doi.org/10.6028/NIST.CSWP.20, https://tsapps.nist.gov/publication/get_pdf.cfm?pub_id=934243 (Accessed May 24, 2024)

Issues

If you have any questions about this publication or are having problems accessing it, please contact reflib@nist.gov.

Created May 6, 2022, Updated August 25, 2023