NIST published Special Publication 800-207, which “defines zero trust as a set of cybersecurity principles used when planning and implementing an enterprise architecture. These principles apply to endpoints, services, and data flows. Input and cooperation from various stakeholders in an enterprise is needed for a zero trust architecture to succeed in improving the enterprise security posture.” The May 6, 2022 white paper, entitled “Planning for a Zero Trust Architecture: A Planning Guide for Federal Administrators,” included these comments:
Zero trust provides a collection of concepts designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as contested.
That is, there may be a malicious actor on the network that can intercept or initiate communication.
Zero trust is fundamentally comprised of a set of principles upon which information technology architectures are planned, deployed, and operated.
Zero trust uses a holistic view that considers potential risks to a given mission or business process and how they are mitigated.
As such, there is no single specific zero trust infrastructure implementation or architecture.
Zero trust solutions depend on the workflow (i.e., part of the enterprise mission) being analyzed and the resources that are used in performing that workflow.
Zero trust strategic thinking can be used to plan and implement an enterprise IT infrastructure; this plan is called a zero trust architecture (ZTA).
Of course, this is for Federal Administrators… what about your non-government operations?