Zero Trust and NIST SP 800-207: What CISOs Need to Know

Background

In a post-pandemic environment where employees can work from anywhere and on multiple devices, it’s an increasing challenge for organizations to protect their networks from cyber threats using traditional tools and approaches.

The National Institute of Standards and Technology (NIST) is tasked with developing cybersecurity standards and best practices. In its Special Publication 800-207, NIST lays out guidelines on implementing Zero Trust Architecture (ZTA) as a defense against network attacks.

In this article, we’ll discuss the philosophy behind Zero Trust, NIST SP 800-207 recommendations, and what Chief Information Security Officers need to know about both.

What Is NIST SP 800-207?

NIST SP 800-207 is a special publication entitled A Zero Trust Architecture Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments.

The document provides guidelines on how to implement Zero Trust Architecture with the following approaches:

  1. Identity and Access Management (IAM): Any user attempting to access the network must pass several layers of authentication. 
  2. Network Segmentation: An organization’s network should be broken up into smaller networks in order to prevent lateral movement threats. 
  3. Microsegmentation: The organization’s network should be further microsegmented into access levels that correspond to job roles and responsibilities.
  4. Continuous Monitoring: The network should be monitored 24/7 to detect potential threats and to measure network health and traffic patterns.
  5. Automation and Orchestration: Organizations should embrace automation and orchestration in order to streamline security and respond to threats in real time. 
  6. Risk Assessment and Adaptive Security: Organizations are encouraged to take a proactive approach with continuous risk assessment and adaptive security measures. Insights gained from observability signals should be fed continuously back into the system to improve policy.

Overall, NIST SP 800-207 stresses the philosophy of “trusting no one” when it comes to network access. Regardless of location, device, or job title, all access to an organization’s network is treated as a potential threat, until proven otherwise.
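As an added illustration (not from the original article), the following Python sketch models how the approaches above combine in a single per-request access decision: default deny, MFA and device checks, role-scoped microsegments, and a risk score that monitoring signals feed back into, so that an already-authenticated session can be cut off mid-stream. Roles, segments, signal names, weights and the threshold are constructed sample values, not anything NIST or Tetrate specifies.

```python
from dataclasses import dataclass

# Constructed sample policy: the microsegments each job role may reach.
SEGMENT_ACCESS = {
    "engineer": {"dev", "ci"},
    "finance": {"erp"},
}
# Constructed weights for monitoring signals that raise a subject's risk.
SIGNAL_WEIGHTS = {"failed_login": 0.2, "new_location": 0.3, "unusual_volume": 0.4}
RISK_DENY_THRESHOLD = 0.7  # at or above this, deny even an authenticated user


@dataclass
class AccessRequest:
    subject: str
    role: str
    segment: str
    mfa_passed: bool
    device_compliant: bool
    risk_score: float = 0.0  # 0.0 (clean) .. 1.0, maintained by continuous monitoring


def decide(req: AccessRequest) -> tuple[bool, str]:
    """Default deny: location and title count for nothing; every check must pass."""
    if not req.mfa_passed:
        return False, "mfa required"
    if not req.device_compliant:
        return False, "device not compliant"
    if req.segment not in SEGMENT_ACCESS.get(req.role, set()):
        return False, f"role {req.role} may not reach segment {req.segment}"
    if req.risk_score >= RISK_DENY_THRESHOLD:
        return False, f"risk {req.risk_score:.2f} at or above {RISK_DENY_THRESHOLD}"
    return True, "allowed"


def update_risk(current: float, signals: list[str]) -> float:
    """Fold new monitoring signals into the score; earlier risk decays by half."""
    score = current * 0.5 + sum(SIGNAL_WEIGHTS.get(s, 0.0) for s in signals)
    return min(1.0, round(score, 3))


def session(role: str, segment: str, batches: list[list[str]]) -> list[bool]:
    """Re-evaluate one subject before each request as signals accumulate."""
    req = AccessRequest("alice", role, segment, mfa_passed=True, device_compliant=True)
    outcomes = []
    for signals in batches:
        req.risk_score = update_risk(req.risk_score, signals)
        outcomes.append(decide(req)[0])
    return outcomes
```

The `session` helper shows the adaptive part: the same user on the same compliant device is allowed at first and then denied once observability signals push the risk score over the threshold.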

What Do CISOs Need to Know about NIST SP 800-207?

Once CISOs understand the concept of Zero Trust as laid out in SP 800-207, their main challenge is implementation. This requires a top-down approach with buy-in from all stakeholders. 

Key considerations for CISOs implementing NIST SP 800-207 guidelines include:

  • Performing a thorough risk assessment of the organization’s vulnerabilities and weaknesses
  • Segmenting networks to allow for different access levels according to job role
  • Implementing company-wide multi-factor authentication processes and procedures
  • Automating network security and monitoring

The easiest way to implement Zero Trust Architecture is to use modern security infrastructure with built-in Zero Trust features. Tetrate’s application networking and security platform provides Zero Trust architecture that meets all the rigorous NIST cybersecurity requirements.

Conclusion

By regularly monitoring risks and adapting Zero Trust security protocols accordingly, CISOs can stay in compliance with NIST standards and protect their organization against costly data breaches.
