The NIST Zero Trust Architecture (ZTA) framework is a set of cybersecurity paradigms that shift defenses away from static, network-based perimeters and onto users, assets, and resources. The model applies zero trust principles to the planning of industrial and business infrastructure and workflows, and rests on three shifts in approach:
- Eliminate implicit trust: Do not grant implicit trust to assets or user accounts based solely on their physical or network location.
- Protect resources: Focus on protecting resources (assets, services, workflows, network accounts, etc.) rather than network segments.
- Adapt to modern trends: Respond to network trends including remote users, Bring Your Own Device (BYOD), and cloud-based assets.
The framework applies to any organization that wishes to improve its cybersecurity posture. It is particularly useful for companies operating in multi-cloud or hybrid environments with a distributed workforce. Its core tenets are:
- Continuous authentication and authorization: Every connection must be authenticated and authorized before establishing a session with a business resource.
- Continuous monitoring: Continuously monitor the security posture of users and devices so that access and privileges remain granted only while they are needed.
- Principle of least privilege: Grant privileged access only when necessary and revoke it immediately afterward.
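The three tenets above can be made concrete as a per-request policy decision. The following is an added illustration, not code from NIST SP 800-207 or any reference implementation: a small decision function that checks identity and device posture on every request, ignores the caller's network location, scopes entitlements to a resource rather than a segment, and revokes time-bound elevated grants as soon as their window closes. The resource names, users, and entitlements are constructed sample data.

```python
from dataclasses import dataclass

@dataclass
class Request:
    user: str
    mfa_verified: bool       # identity proven for this request, not inherited from an old session
    device_compliant: bool   # result of an endpoint posture check
    source_ip: str           # kept for logging only; never used in the decision
    resource: str
    action: str
    at: float                # time of the request, epoch seconds

# Constructed sample entitlements: scoped to a resource, not to a network segment.
ENTITLEMENTS = {
    "payroll-db": {("alice", "read")},
    "build-server": {("bob", "read"), ("bob", "deploy")},
}

# Time-bound elevated grants: (user, resource, action) -> expiry in epoch seconds.
ELEVATIONS: dict = {}

def grant_elevation(user, resource, action, now, minutes=15):
    """Least privilege: elevated access exists only for a bounded window."""
    ELEVATIONS[(user, resource, action)] = now + minutes * 60

def decide(req: Request):
    """Evaluate one request; returns (allowed, reason). Runs per request, not per session."""
    if not req.mfa_verified:
        return False, "authentication required"
    if not req.device_compliant:
        return False, "device posture failed"
    if (req.user, req.action) in ENTITLEMENTS.get(req.resource, set()):
        return True, "standing entitlement"
    key = (req.user, req.resource, req.action)
    expiry = ELEVATIONS.get(key)
    if expiry is not None:
        if req.at < expiry:
            return True, "time-bound elevation"
        del ELEVATIONS[key]          # revoke immediately once the window has passed
        return False, "elevation expired"
    return False, "no entitlement"

if __name__ == "__main__":
    now = 1_700_000_000.0  # constructed timestamp
    grant_elevation("bob", "payroll-db", "write", now)
    print(decide(Request("alice", True, True, "10.0.0.5", "payroll-db", "read", now)))
    print(decide(Request("bob", True, True, "203.0.113.7", "payroll-db", "write", now + 1200)))
```

Note that a request from an internal address with no verified identity is refused exactly like one from the public internet: location is logged but never trusted.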
The NIST Zero Trust Architecture framework was first published in August 2020 and is continuously updated to address new threats and technologies.
Original document here: Zero Trust Architecture NIST