Background
In a post-pandemic environment where employees can work from anywhere and on multiple devices, it’s an increasing challenge for organizations to protect their networks from cyber threats using traditional tools and approaches.
The National Institute of Standards and Technology (NIST) is tasked with developing cybersecurity standards and best practices. In its Special Publication 800-207, NIST lays out guidelines on implementing Zero Trust Architecture (ZTA) as a defense against network attacks.
In this article, we’ll discuss the philosophy behind Zero Trust, NIST SP 800-207 recommendations, and what Chief Information Security Officers need to know about both.
What Is NIST SP 800-207?
The National Institute of Standards and Technology SP 800-207 is a special publication entitled “A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments.”
The document provides guidelines on how to implement Zero Trust Architecture with the following approaches:
- Identity and Access Management (IAM): Any user attempting to access the network must pass several layers of authentication.
- Network Segmentation: An organization’s network should be broken up into smaller networks in order to prevent lateral movement threats.
- Microsegmentation: The organization’s network should be further microsegmented into access levels that correspond to job roles and responsibilities.
- Continuous Monitoring: The network should be monitored 24/7 to detect potential threats and to measure network health and traffic patterns.
- Automation and Orchestration: Organizations should embrace automation and orchestration in order to streamline security and respond to threats in real time.
- Risk Assessment and Adaptive Security: Organizations are encouraged to take a proactive approach with continuous risk assessment and adaptive security measures. Insights gained from observability signals should be fed continuously back into the system to improve policy.
Overall, NIST SP 800-207 stresses the philosophy of “trusting no one” when it comes to network access. Regardless of location, device, or job title, every access to an organization’s network is treated as a potential threat until proven otherwise.
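To make the “trust no one, regardless of location” principle and the role-based microsegmentation described above concrete, here is a small deny-by-default policy decision point. It is an added example written for this article, not code from NIST SP 800-207 or from Tetrate; the segment names, roles, subjects and the rule that sensitive segments require a compliant device are all constructed for illustration. Note that the source network is carried in the request only so it can be logged: it is never consulted when deciding, so a request from the corporate LAN without MFA is denied while the same user from the internet with MFA and a compliant device is allowed.

```python
"""Minimal deny-by-default policy decision point (PDP) illustrating Zero Trust.

Added example for this article; not code from NIST SP 800-207 or Tetrate.
All segments, roles and subjects below are constructed sample values.
"""
from dataclasses import dataclass, field

# Microsegmentation: each resource lives in a segment, and each segment is
# reachable only by the listed job roles (constructed sample policy).
SEGMENT_ROLES = {
    "payroll-db": {"finance"},
    "ci-runners": {"engineering", "sre"},
    "hr-portal": {"hr", "finance"},
}

# Constructed rule: these segments additionally require a compliant device.
DEVICE_COMPLIANCE_REQUIRED = {"payroll-db", "hr-portal"}


@dataclass(frozen=True)
class Request:
    subject: str            # authenticated identity (e.g. from the IdP)
    roles: frozenset        # job roles asserted by the identity provider
    mfa_satisfied: bool     # did the session pass multi-factor authentication?
    device_compliant: bool  # device posture reported by endpoint management
    source_network: str     # "corp-lan", "vpn", "internet"; logged, never trusted
    segment: str            # target microsegment


@dataclass
class Decision:
    allowed: bool
    reasons: list = field(default_factory=list)


def evaluate(req: Request) -> Decision:
    """Return ALLOW only if every check passes; otherwise DENY with reasons.

    The source network is deliberately not consulted: a request from the
    corporate LAN gets no more trust than one arriving from the internet.
    """
    reasons = []
    if not req.subject:
        reasons.append("unauthenticated subject")
    if not req.mfa_satisfied:
        reasons.append("MFA not satisfied")
    if req.segment not in SEGMENT_ROLES:
        reasons.append(f"unknown segment {req.segment!r}")  # default deny
    elif not (req.roles & SEGMENT_ROLES[req.segment]):
        reasons.append(f"no role permitted for segment {req.segment!r}")
    if req.segment in DEVICE_COMPLIANCE_REQUIRED and not req.device_compliant:
        reasons.append("device not compliant")
    return Decision(allowed=not reasons, reasons=reasons)


def audit_line(req: Request, decision: Decision) -> str:
    """One structured log line per decision, feeding continuous monitoring."""
    verdict = "ALLOW" if decision.allowed else "DENY"
    detail = ";".join(decision.reasons) or "-"
    return (f"pdp subject={req.subject} segment={req.segment} "
            f"src={req.source_network} decision={verdict} reasons={detail}")


# Constructed sample requests.
INSIDER_NO_MFA = Request("alice", frozenset({"finance"}), mfa_satisfied=False,
                         device_compliant=True, source_network="corp-lan",
                         segment="payroll-db")
REMOTE_OK = Request("alice", frozenset({"finance"}), mfa_satisfied=True,
                    device_compliant=True, source_network="internet",
                    segment="payroll-db")
WRONG_ROLE = Request("bob", frozenset({"engineering"}), mfa_satisfied=True,
                     device_compliant=True, source_network="vpn",
                     segment="payroll-db")


def run_samples():
    """Evaluate the sample requests; returns a list of (allowed, reasons)."""
    results = []
    for req in (INSIDER_NO_MFA, REMOTE_OK, WRONG_ROLE):
        decision = evaluate(req)
        print(audit_line(req, decision))
        results.append((decision.allowed, tuple(decision.reasons)))
    return results


if __name__ == "__main__":
    run_samples()
```

Every decision, allowed or denied, produces an audit line; in a real deployment those lines are what the continuous-monitoring and risk-assessment loop consumes to tune the segment-to-role mapping over time.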
What Do CISOs Need to Know about NIST SP 800-207?
Once CISOs understand the concept of Zero Trust as laid out in SP 800-207, their main challenge is implementation. This requires a top-down approach with buy-in from all stakeholders.
Key considerations for CISOs implementing NIST SP 800-207 guidelines include:
- Performing a thorough risk assessment of the organization’s vulnerabilities and weaknesses
- Segmenting networks to allow for different access levels according to job role
- Implementing company-wide multi-factor authentication processes and procedures
- Automating network security and monitoring
The easiest way to go about implementing Zero Trust Architecture is by using modern security infrastructure with built-in Zero Trust features. Tetrate’s application networking and security platform provides Zero Trust architecture that meets all the rigorous NIST cybersecurity requirements.
Conclusion
By regularly monitoring risks and adapting Zero Trust security protocols accordingly, CISOs can stay in compliance with NIST standards and protect their organization against costly data breaches.