Tetrate and NIST

Building application security standards


Tetrate partners with the National Institute of Standards and Technology (NIST) to define and promote the standards for Zero Trust.

The SP 800-204 series, co-authored by Tetrate founding engineer Zack Butcher, offer deployment recommendations.


Conferences co-hosted by NIST and Tetrate

DevSecOps and ZTA for multi-cloud environments

The conference program featured presentations by experts on service mesh architecture and national leaders in DevSecOps and ZTA deployment and demonstration of proof of concept use cases in multi-cloud environments.

Learn more ›

Identity Management & Access Control in Multiclouds Workshop and Conference

The conference program featured experts on service mesh architectures, identity, and access control in modern-day cloud architecture and addressed the following themes:

  • Mitigating insider threat
  • Service mesh use cases, tools, analysis, and deployment experience
  • Enforcing next-generation attribute-based access controls in the multi-cloud

Learn more ›

NIST Zero Trust standards

By executive order, federal agencies have until July 2021 to respond with plans to implement Zero Trust Architecture with standards and guidance from the National Institute of Standards and Technology (NIST).

This is Zero Trust demystified.

Learn more ›


Next-generation access control (NGAC)

NGAC is a fundamental reworking of traditional access control into a form suited to the needs of the modern, distributed, interconnected enterprise. NGAC is based on a flexible infrastructure that can provide access control services for a number of different types of resources, accessed by a number of different types of applications and users.

In this joint talk with David Ferraiolo from NIST, we introduced NGAC and did a live demo showing how it can be applied to augment traditional RBAC with high-level concepts such as time and location in an efficient and scalable way.

Learn more ›


Different companies or software providers have devised countless ways to control user access to functions or resources, such as Discretionary Access Control (DAC), Mandatory Access Control (MAC), Role-Based Access Control (RBAC), and Attribute-Based Access Control (ABAC). In essence, whatever the type of access control model, three basic elements can be abstracted: user, system/application, and policy.

In this article, we will introduce ABAC, RBAC, and a new access control model — Next Generation Access Control (NGAC) — and compare the similarities and differences between the three, as well as why you should consider NGAC.

Learn more ›


Zero Trust Architecture

White Paper

Zero Trust

Zack Butcher—Tetrate founding engineer and co-author of NIST SP 800-204a, “Building Secure Microservices-based Applications Using Service-Mesh Architecture”

Download ›


Zero Trust- Webinar

Zero Trust at the Department of Defense
Zero Trust in the Department of Defense and what the recent cybersecurity executive order means for federal agencies. Watch this webinar and get an in-depth view.

Watch Now ›


Application Authentication and Authorization

Offloading Authentication and Authorization
NIST and Tetrate have partnered to create recommendations around safely and securely offloading authentication and authorization from application code to a service mesh.

Read More ›