This shows you the differences between two versions of the page.
dido:public:ra:xapend:xapend.b_stds:tech:nist:zta [2021/07/06 18:23] nick |
dido:public:ra:xapend:xapend.b_stds:tech:nist:zta [2021/08/18 11:50] (current) murphy |
| Line 1: | Line 1: | ||
| ===== NIST: SP 800-207: Zero Trust Architecture (ZTA) ===== | ===== NIST: SP 800-207: Zero Trust Architecture (ZTA) ===== | ||
| - | [[dido:public:ra:xapend:xapend.b_stds:tech:nist| return to the NIST Standards ]] | + | [[dido:public:ra:xapend:xapend.b_stds:tech:nist:start| return to the NIST Standards ]] |
| <table> | <table> | ||
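Review bot: The "return to the NIST Standards" link in this hunk now points at the explicit page `dido:public:ra:xapend:xapend.b_stds:tech:nist:start` instead of the bare namespace id `...:tech:nist`; this is the safer target, since it no longer depends on the wiki resolving a namespace id to its start page. The stray spaces inside the link label (`| return to the NIST Standards ]]`) are carried over unchanged and will render as leading and trailing whitespace in the link text; trim them to `|return to the NIST Standards]]` while this line is being touched.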
| Line 24: | Line 24: | ||
| //This complex enterprise has led to the development of a new model for cybersecurity known as | //This complex enterprise has led to the development of a new model for cybersecurity known as | ||
| - | “zero-trust” (ZT). A ZT approach is primarily focused on data and service protection but can and | + | [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust]]. A ZT approach is primarily focused on data and service protection but can and |
| should be expanded to include all enterprise assets (devices, infrastructure components, | should be expanded to include all enterprise assets (devices, infrastructure components, | ||
| applications, virtual and cloud components) and subjects (end-users, applications, and other nonhuman entities that request information from resources). Throughout this document, “subject” | applications, virtual and cloud components) and subjects (end-users, applications, and other nonhuman entities that request information from resources). Throughout this document, “subject” | ||
| will be used unless the section relates directly to a human end-user in which “user” will be | will be used unless the section relates directly to a human end-user in which “user” will be | ||
| - | specifically used instead of the more generic “subject.” Zero trust security models assume that an | + | specifically used instead of the more generic “subject.” [[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust_model|Zero trust security models]] assume that an |
| attacker is present in the environment and that an enterprise-owned environment is no | attacker is present in the environment and that an enterprise-owned environment is no | ||
| different—or no more trustworthy—than any nonenterprise-owned environment. In this new | different—or no more trustworthy—than any nonenterprise-owned environment. In this new | ||
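Review bot: The first change in this hunk replaces the quoted text `“zero-trust” (ZT)` with an unlabelled glossary link `[[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust]]`, which drops the `(ZT)` abbreviation even though the very next sentence, unchanged, reads "A ZT approach is primarily focused on data and service protection", so ZT is now used without ever being defined. An unlabelled link also renders whatever the wiki chooses for the link text (the page id or its heading), not the quoted NIST wording, and this passage is presented as a verbatim quotation (inside `//...//`). Keep the original wording as the label: `[[dido:public:ra:xapend:xapend.a_glossary:z:zero-trust|“zero-trust” (ZT)]]`. The second change in this hunk, `[[...:z:zero-trust_model|Zero trust security models]]`, does this correctly.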
| Line 38: | Line 38: | ||
| posture of each access request.// | posture of each access request.// | ||
| - | //A zero trust architecture (ZTA) is an enterprise cybersecurity architecture that is based on zero | + | //A [[dido:public:ra:xapend:xapend.a_glossary:z:zta]] is an enterprise cybersecurity architecture that is based on zero |
| - | trust principles and designed to prevent data breaches and limit internal lateral movement. This | + | trust principles and designed to prevent [[dido:public:ra:xapend:xapend.a_glossary:d:data_breach|data breaches]] and limit internal lateral movement. This |
| publication discusses ZTA, its logical components, possible deployment scenarios, and threats. It | publication discusses ZTA, its logical components, possible deployment scenarios, and threats. It | ||
| also presents a general road map for organizations wishing to migrate to a zero-trust design | also presents a general road map for organizations wishing to migrate to a zero-trust design | ||
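Review bot: The unlabelled link `[[dido:public:ra:xapend:xapend.a_glossary:z:zta]]` replaces the quoted phrase "A zero trust architecture (ZTA)", so the expansion and the `(ZTA)` abbreviation are lost from the quotation while the rest of the hunk continues to use "ZTA" ("This publication discusses ZTA, its logical components, ..."). As with the preceding hunk, the rendered link text will be whatever the wiki derives from the page id rather than NIST's wording; suggest `//A [[dido:public:ra:xapend:xapend.a_glossary:z:zta|zero trust architecture (ZTA)]] is an enterprise cybersecurity architecture ...//`. The `[[...:d:data_breach|data breaches]]` change on the following line is fine as written.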
| Line 56: | Line 56: | ||
| processes.// | processes.// | ||
| - | Organizations need to implement comprehensive information security and resiliency practices | + | Organizations need to implement comprehensive [[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]] and resiliency practices |
| for zero-trust to be effective. When balanced with existing cybersecurity policies and guidance, | for zero-trust to be effective. When balanced with existing cybersecurity policies and guidance, | ||
| identity and access management, continuous monitoring, and best practices, a ZTA can protect | identity and access management, continuous monitoring, and best practices, a ZTA can protect | ||
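Review bot: The glossary id in `[[dido:public:ra:xapend:xapend.a_glossary:i:is|information security]]` is a two-letter abbreviation, whereas the other glossary ids introduced in this revision are descriptive (`d:data_breach`, `z:zero-trust_model`, `z:zta`); unless `i:is` is the existing location of that glossary entry, a descriptive id such as `i:information_security` would be consistent with the rest of the diff and less ambiguous. The link is correctly labelled, so the quoted wording is preserved here; this hunk is cut off after the "identity and access management" line in the diff view, so the remainder of the passage could not be reviewed.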