Implementing a Zero Trust Architecture: NIST SP 1800-35 Now Live

We are excited to share that the National Institute of Standards and Technology (NIST) has just published the initial public draft of NIST Special Publication (SP) 1800-35, Implementing a Zero Trust Architecture. This publication marks a significant milestone in collaborative efforts between government and industry, led by the National Cybersecurity Center of Excellence (NCCoE) at NIST.

“F5 is honored to be part of this collaboration with NIST's NCCoE,” says Peter Kersten, Vice President of Sales – Public Sector at F5. “The release of the initial public draft of NIST SP 1800-35 is a key development that will guide organizations in implementing these robust security strategies.”

Demonstrating end-to-end zero trust architecture implementations

The goal of this NCCoE project is to demonstrate several example zero trust architecture (ZTA) solutions applied to conventional, general-purpose enterprise IT infrastructures. The proposed example solutions integrate commercial and open-source products that leverage cybersecurity standards and recommended practices to showcase zero trust’s robust security features. These solutions are designed and deployed according to the principles documented in NIST SP 1800-207 (Zero Trust Architecture).  

The initiative aims to develop practical, interoperable cybersecurity approaches that show how the components of zero trust architectures can securely mitigate risks and meet industry sectors’ compliance requirements. The project also strives to:

  • Support user access to resources regardless of location or device.
  • Protect business assets. 
  • Limit insider threats. 
  • Enhance data security.
  • Provide real-time monitoring and enforcement of access policies.

A collaborative effort

“The NCCoE is leading a collaborative project with 24 industry participants to demonstrate zero trust security strategies per the ZTA guidance in NIST SP 1800-35,” says Alper Kerman, Principal Lead for the Zero Trust Program at NCCoE. “The NCCoE’s ZTA team and project participants are using commercially available technologies to implement and showcase ZTA implementations to secure and mitigate cybersecurity risks for users accessing resources in hybrid enterprise environments.”

In addition to F5, this collaboration includes participants such as Amazon Web Services (AWS), Appgate, Cisco, FireEye, Forescout, IBM, Ivanti, McAfee, Microsoft, Okta, Palo Alto Networks, PC Matic, Radiant Logic, SailPoint Technologies, Symantec (Broadcom), Tenable, and Zscaler. (NIST does not evaluate commercial products under this consortium and does not endorse any product or service used. Additional information on this consortium can be found at https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture.)

Looking Forward

Kersten concludes, “F5 looks forward to continuing our strong partnerships, resulting in reference architectures and demonstrations of various interactive, integrated design approaches for a zero trust architecture that upholds the principles and tenets published in the NIST SP 1800-35.”

Stay tuned for more updates as we work together to advance the implementation of zero trust security strategies and enhance the cybersecurity landscape.
