Skip to main content
U.S. flag

An official website of the United States government

Official websites use .gov
A .gov website belongs to an official government organization in the United States.

Secure .gov websites use HTTPS
A lock ( ) or https:// means you’ve safely connected to the .gov website. Share sensitive information only on official, secure websites.

Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators



Scott Rose


NIST Special Publication 800-207 defines zero trust is a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to network identities, endpoints, and data flows. Input and cooperation from various stakeholders in an enterprise is needed in order for a zero trust architecture to succeed in improving the enterprise security posture. Some of these stakeholders may not be familiar with risk analysis and management. This document provides an overview of the NIST Risk Management Framework (NIST RMF) and how the NIST RMF can be applied when developing and implementing a zero trust architecture.
OTHER - 20
Report Number


architecture, cybersecurity, enterprise, network security, risk management, Risk Management Framework, zero trust.


Rose, S. (2022), Planning a Zero Trust Architecture: A Starting Guide for Federal Administrators, OTHER, National Institute of Standards and Technology, Gaithersburg, MD, [online],, (Accessed May 24, 2024)


If you have any questions about this publication or are having problems accessing it, please contact

Created May 6, 2022, Updated August 25, 2023