Security Posture
Istio

NIST Standards for Zero Trust: the SP 800-204 Series

Introduction

This is the second installment in a two-part series on NIST standards for zero trust security. The first installment covers NIST Special Publication (SP) 800-207, which lays the groundwork for zero trust principles for the enterprise, but makes no specific implementation recommendations. 

The follow-up series is made up of four special publications: SP 800-204, SP 800-204A, 800-204B, and 800-204C. This series is co-authored with NIST by Tetrate founding engineer Zack Butcher and takes up where SP 800-207 leaves off.

This series provides security strategies for microservices applications. It mostly focuses on communications between services and between services and a control plane, as described below, under the header Threat Background. In this article, we’ll present an overview of the most important concepts, best practices, and specific deployment recommendations in each of the four papers of the SP 800-204 series:

Read More
Zack Butcher on SP 800-204B
Envoy Proxy & GetEnvoy, Istio, Service Mesh, Tetrate, Wasm

NIST-Tetrate 2022 Conference Talks: NIST Standards for Service Mesh

At the joint NIST-Tetrate conference this year on ZTA and DevSecOps for Cloud Native Applications, Tetrate founding engineer Zack Butcher offered a deep dive into new publications in the NIST SP 800-204 series that sets the standards on security for the use of microservices architecture for the US Government. In this article, we’ll provide a brief overview of Zack’s talk, with a link to a full recording for all the details.

Read More
Zero Trust Architecture
Tetrate

NIST SP 800-207: Laying the Groundwork for Zero Trust Architecture

Background

Since the first animal took a bite out of its neighbor, security concerns have driven an ever-escalating evolution of threat and defense. The evolutionary call and response between threat actors and defenders is punctuated by periods of rapid change between periods of stasis.  

We are now in such a period of rapid change. The current security landscape presents us with twin competing challenges: cyber attacks have rapidly increased in scale and sophistication while, at the same time, modern, cloud-native architectures have outgrown traditional network security practices.

In an effort to modernize the security posture of federal agencies and private industry to meet these new challenges, the US government has endorsed zero trust network architecture as a way forward. The National Institute of Standards and Technology (NIST), the body tasked with defining the standards and deployment recommendations for zero trust in the enterprise, has authored a series of special publications to do just that. 

In this article, the first of two on NIST zero trust standards, we’ll review NIST’s cornerstone paper, SP 800-207: Zero Trust Architecture, which defines the tenets of zero trust network security and offers recommendations for how to adopt it in your organization.

Read More
microservices applications using a service mesh
ABAC, NGAC, Security, Tetrate, Zero Trust

NIST-Tetrate 2021 Conference Talk: ABAC for microservices applications using a service mesh

Access control is fundamental to application security. Modern applications, more than ever, need a flexible access control mechanism that can succinctly express access rules, take into account a large number of objects and dynamic runtime attributes, and be evaluated efficiently at runtime. These rules must also be both intelligible and auditable so the current state of access policy enforcement is knowable and can be easily understood. 

Read More