NIST Special Publication 800-207
Zero Trust Architecture
Scott Rose
Oliver Borchert
Stu Mitchell
Sean Connelly
This publication is available free of charge from:
https://doi.org/10.6028/NIST.SP.800-207
COMPUTER SECURITY
NIST Special Publication 800-207
Zero Trust Architecture
Scott Rose
Oliver Borchert
Advanced Network Technologies Division
Information Technology Laboratory
Stu Mitchell
Stu2Labs
Stafford, VA
Sean Connelly
Cybersecurity & Infrastructure Security Agency
Department of Homeland Security
August 2020
U.S. Department of Commerce
Wilbur L. Ross, Jr., Secretary
National Institute of Standards and Technology
Walter Copan, NIST Director and Under Secretary of Commerce for Standards and Technology
Authority
This publication has been developed by NIST in accordance with its statutory responsibilities under the
Federal Information Security Modernization Act (FISMA) of 2014, 44 U.S.C. § 3551 et seq., Public Law
(P.L.) 113-283. NIST is responsible for developing information security standards and guidelines, including
minimum requirements for federal information systems, but such standards and guidelines shall not apply
to national security systems without the express approval of appropriate federal officials exercising policy
authority over such systems. This guideline is consistent with the requirements of the Office of Management
and Budget (OMB) Circular A-130.
Nothing in this publication should be taken to contradict the standards and guidelines made mandatory and
binding on federal agencies by the Secretary of Commerce under statutory authority. Nor should these
guidelines be interpreted as altering or superseding the existing authorities of the Secretary of Commerce,
Director of the OMB, or any other federal official. This publication may be used by nongovernmental
organizations on a voluntary basis and is not subject to copyright in the United States. Attribution would,
however, be appreciated by NIST.
National Institute of Standards and Technology Special Publication 800-207
Natl. Inst. Stand. Technol. Spec. Publ. 800-207, 59 pages (August 2020)
CODEN: NSPUE2
Certain commercial entities, equipment, or materials may be identified in this document in order to describe an
experimental procedure or concept adequately. Such identification is not intended to imply recommendation or
endorsement by NIST, nor is it intended to imply that the entities, materials, or equipment are necessarily the best
available for the purpose.
There may be references in this publication to other publications currently under development by NIST in accordance
with its assigned statutory responsibilities. The information in this publication, including concepts and methodologies,
may be used by federal agencies even before the completion of such companion publications. Thus, until each
publication is completed, current requirements, guidelines, and procedures, where they exist, remain operative. For
planning and transition purposes, federal agencies may wish to closely follow the development of these new
publications by NIST.
Organizations are encouraged to review all draft publications during public comment periods and provide feedback to
NIST. Many NIST cybersecurity publications, other than the ones noted above, are available at
https://csrc.nist.gov/publications.
Comments on this publication may be submitted to:
National Institute of Standards and Technology
Attn: Advanced Network Technologies Division, Information Technology Laboratory
100 Bureau Drive (Mail Stop 8920) Gaithersburg, MD 20899-8920
Email: zerotrust-arch@nist.gov
All comments are subject to release under the Freedom of Information Act (FOIA).
Reports on Computer Systems Technology
The Information Technology Laboratory (ITL) at the National Institute of Standards and
Technology (NIST) promotes the U.S. economy and public welfare by providing technical
leadership for the Nation’s measurement and standards infrastructure. ITL develops tests, test
methods, reference data, proof of concept implementations, and technical analyses to advance the
development and productive use of information technology. ITL’s responsibilities include the
development of management, administrative, technical, and physical standards and guidelines for
the cost-effective security and privacy of other than national security-related information in federal
information systems. The Special Publication 800-series reports on ITL’s research, guidelines, and
outreach efforts in information system security, and its collaborative activities with industry,
government, and academic organizations.
Abstract
Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses
from static, network-based perimeters to focus on users, assets, and resources. A zero trust
architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and
workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based
solely on their physical or network location (i.e., local area networks versus the internet) or based
on asset ownership (enterprise or personally owned). Authentication and authorization (both
subject and device) are discrete functions performed before a session to an enterprise resource is
established. Zero trust is a response to enterprise network trends that include remote users, bring
your own device (BYOD), and cloud-based assets that are not located within an enterprise-owned
network boundary. Zero trust focuses on protecting resources (assets, services,
workflows, network accounts, etc.), not network segments, as the network location is no longer
seen as the prime component to the security posture of the resource. This document contains an
abstract definition of zero trust architecture (ZTA) and gives general deployment models and use
cases where zero trust could improve an enterprise’s overall information technology security
posture.
Keywords
architecture; cybersecurity; enterprise; network security; zero trust.
Acknowledgments
This document is the product of a collaboration between multiple federal agencies and is
overseen by the Federal CIO Council. The architecture subgroup is responsible for development
of this document, but there are specific individuals who deserve recognition. These include Greg
Holden, project manager of the Federal CIO Council ZTA project; Alper Kerman, project
manager for the NIST/National Cybersecurity Center of Excellence ZTA effort; and Douglas
Montgomery.
Audience
This document is intended to describe zero trust for enterprise security architects. It is meant to
aid understanding of zero trust for civilian unclassified systems and provide a road map to
migrate and deploy zero trust security concepts to an enterprise environment. Agency
cybersecurity managers, network administrators, and managers may also gain insight into zero
trust and ZTA from this document. It is not intended to be a single deployment plan for ZTA as
an enterprise will have unique business use cases and data assets that require safeguards. Starting
with a solid understanding of the organization’s business and data will result in a strong
approach to zero trust.
Trademark Information
All registered trademarks or trademarks belong to their respective organizations.