Since the first animal took a bite out of its neighbor, security concerns have driven an ever-escalating evolution of threat and defense. The evolutionary call and response between threat actors and defenders alternates between long periods of stasis and bursts of rapid change.
We are now in such a period of rapid change. The current security landscape presents us with twin competing challenges: cyber attacks have rapidly increased in scale and sophistication while, at the same time, modern, cloud-native architectures have outgrown traditional network security practices.
In an effort to modernize the security posture of federal agencies and private industry to meet these new challenges, the US government has endorsed zero trust network architecture as a way forward. The National Institute of Standards and Technology (NIST), the body tasked with defining the standards and deployment recommendations for zero trust in the enterprise, has authored a series of special publications to do just that.
In this article, the first of two on NIST zero trust standards, we’ll review NIST’s cornerstone paper, SP 800-207: Zero Trust Architecture, which defines the tenets of zero trust network security and offers recommendations for how to adopt it in your organization.