NIST SP 800-207A
Setting the Standards for Zero Trust
Tetrate works with the National Institute of Standards and Technology (NIST) to define and promote the federal guidelines for Zero Trust. NIST SP 800-207A is now in public review and provides organizations with systemic guidelines for updating network and microservices security using a service mesh. Other publications in the SP 800-204 series, co-authored by Tetrate founding engineer Zack Butcher, include:
SP 800-204A
Building Secure Microservices-based Applications Using Service-Mesh Architecture
SP 800-204B
Attribute-based Access Control for Microservices-based Applications Using a Service Mesh
SP 800-204C
Implementation of DevSecOps for a Microservices-based Application with Service Mesh
Zero Trust and NIST 800-207
In response to the increasing number of high-profile security breaches, the Biden administration issued Executive Order 14028, mandating that U.S. Federal Agencies adhere to NIST 800-207 as a required step for Zero Trust implementation. With this mandate, the federal government is signaling that Zero Trust is essential to combating today’s cybersecurity challenges. As a result, the standard has gone through heavy validation and input from a range of commercial customers, vendors, and government agency stakeholders, which is why SP 800-207 is now considered the de facto standard for the enterprise as well.
Zero Trust addresses the following key principles based on the NIST guidelines:
Security-first design principles
These include isolated network virtualization, granular separation of duties, and least-privilege access, with security built in to reduce risk.
Continuous verification
Continuous verification means no trusted zones, credentials, or devices at any time. Always verify access, all the time, for all resources.
Automate context collection and response
Automate threat mitigation and remediation to reduce complexity and prevent human error. Incorporate behavioral data and get context from the entire IT stack (identity, endpoint, workload) for the most accurate response.
Limit the “blast radius”
Minimizing the impact of a breach is critical. Zero Trust limits the scope of credentials or access paths for an attacker, giving time for systems and people to respond and mitigate the attack.
Achieving Zero Trust Security with a Service Mesh
At Tetrate, we align to the NIST 800-207 principles for Zero Trust. Tetrate’s industry-leading Application Networking and Security Platform, built on open source Istio and Envoy, enables any organization to adhere to best practices such as reducing implicit trust boundaries and implementing individual API gateways for each service, as suggested by CISA and NIST. With Tetrate, organizations can implement a Zero Trust approach across devices, endpoints, apps, network and data while maintaining the level of security they need: one that trusts nothing and authenticates and authorizes everything. With Tetrate you can:
Additional Resources
Start Your Zero Trust Journey with Tetrate
Learn how Tetrate products can help with your Zero Trust journey across all your cloud and network environments.