Zero Trust


Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

  • 1.  Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 02:39:00 AM

    Hi All,

    Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)
    NIST's National Cybersecurity Center of Excellence (NCCoE) has released the third version of volume D of a preliminary draft practice guide titled "Implementing a Zero Trust Architecture" (ZTA) and is seeking the public's comments on its contents.

    This guide summarizes how the NCCoE and its collaborators are using commercially available technology to build interoperable, open standards-based ZTA example implementations that align to the concepts and principles in NIST Special Publication (SP) 800-207, Zero Trust Architecture. Volume D provides a functional demonstration plan and the updated version includes demonstration results for ten builds.
    As an enterprise's data and resources have become distributed across the on-premises environment and multiple clouds, protecting them has become increasingly challenging. Many users need access from anywhere, at any time, from any device. The NCCoE is addressing these challenges by collaborating with industry participants to demonstrate several approaches to a zero-trust architecture applied to a conventional, general-purpose enterprise IT infrastructure on-premises and in the cloud.
     
    The NCCoE is making volume D available (https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture) as a preliminary draft for public comment while work continues on the project. Review the preliminary draft and submit comments by October 9th, 2023. Comments and questions for the team can be sent to [email protected].

    @Erik Johnson

    @Anna Schorr

    @Chandler Curran



    ------------------------------
    Michael Roza CPA, CISA, CIA, CC, MBA, Exec MBA
    ------------------------------




  • 2.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 04:50:00 AM
    Thanks Michael




  • 3.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 05:34:00 AM





  • 4.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 07:50:00 AM

    Here's the link to the NIST landing page for info and context on the full set of NCCOE ZT docs: https://www.nccoe.nist.gov/projects/implementing-zero-trust-architecture

    Is there any interest in compiling an aggregate and harmonized set of CSA comments on this?



    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    [email protected]
    ------------------------------



  • 5.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 08:07:00 AM

    Erik, I would think yes.  I am currently collecting my own comments.

    An overall comment is that section 2 reads like a compliance statement. There are a significant number of UC that are repetitive in that they enumerate a large number of permutations, yet the expected outcome is the same for each line.

    I think it also has questions for O&A and V&A in terms of granularity and sources of signals and APIs to enforce controls.

    Richard



    ------------------------------
    Richard Baker
    Security Innovation Consultant
    ------------------------------



  • 6.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 23, 2023 01:01:00 PM

    Great. Here's a shared comment file that we can all use. Default access is Commenter. Let me know if you have comments you'd like to add in Edit mode.

    CSA-zta-nist-sp1800-35-comment-form.xlsx



    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    [email protected]
    ------------------------------



  • 7.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Aug 24, 2023 08:25:00 AM

    Thanks for coordinating, Erik



    ------------------------------
    Bernard Coetzee
    ------------------------------



  • 8.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 04, 2023 02:29:00 AM

    Can you make this accessible please, Erik? For the benefit of the group, I believe there is a basic weakness in Use Case A: Discovery and Identification of IDs, Assets, and Data Flows. Here is my comment, as clarity here is essential for subsequent sections. I would be interested in other ZTA practitioner views.

    Scenario A-1: Discovery and authentication of endpoint assets – this section refers to a precondition that "The enterprise infrastructure is a macrosegmented local network with an "enterprise" segment with resources that can only be accessed by authorized Enterprise-IDs and a "guest" segment with access to the public internet only." This is now an out of date description for network segmentation. Enterprise segments and guest segments are no longer segregated by private network and public network. Network segmentation can apply to SaaS for both enterprise users and guest users. Third parties are often provided access by segment to functionality NOT over the public internet. For a start, the focus on network segment as being inferred from Enterprise ID and Guest ID is too vague. Presumably these are identity management precepts, not network segmentation access identifiers. As it currently reads, there is a confusion between network identification and access service identity management. This is important, because subsequently re-authentication is referred to. If authentication, authorization and access management are not adequately defined from the outset, the following sections are based on vague assumptions. This weakens the rest of the document.



    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 9.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 05, 2023 08:36:00 AM

    It's set for commenting access for all ZT workgroup members and read access for anyone with the link.



    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    [email protected]
    ------------------------------



  • 10.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 08, 2023 12:35:00 AM

    The link is not working for me. I will therefore be sending my own comments. Collaboration is a valuable tool; however, the link provided by Erik Johnson is not working.

    Best Regards



    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 11.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 11, 2023 11:54:00 AM

    Nya,

    You're certainly free to send your own comments in directly, but if you provide more info about what you're doing (e.g. how you're logged in) and what's not working, we'll help get it working for you.



    ------------------------------
    Erik Johnson CCSK, CCSP, CISSP, PMP
    Senior Research Analyst
    Cloud Security Alliance
    [email protected]
    ------------------------------



  • 12.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 12, 2023 12:30:00 PM

    Erik, the spreadsheet is read-only. I've never had that experience previously with CSA spreadsheets. Did anyone else test it?



    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 13.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 19, 2023 02:52:00 AM

    The spreadsheet link is working for me now, thanks @Erik Johnson

    I encourage everyone with ZTA experience to comment, both privately and as part of CSA. It is so important that practical experience and lessons learned off the horse's back are passed on.



    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------



  • 14.  RE: Open for Public Comment: NIST NCCoE Zero Trust Architecture Preliminary Draft Practice Guide (Vol D)

    Posted Sep 13, 2023 01:17:00 AM

    Erik, having commented as the Software Defined Perimeter Working Group on NIST publications for years, I can assure you that as a group we self-organised and managed to provide in-depth commentary on many 800 Special Publications, and our collaboration produced a more powerful and succinct set of observations. Since the new CSA structure, it is difficult to get a cohesive set of experts together, maybe because you are now so popular. I have absolutely no problem commenting as a security company with a leading-edge Zero Trust Identity Management cybersecurity product; I make the point that fostering collaboration in a real sense, in terms of getting the depth of expertise, is a better playbook and produces more effective results. I won't labour the point: there is either something wrong with your Google Docs security posture or there isn't. If you want to do a collaborative diagnosis, by all means, I am open to it.

    Best Regards



    ------------------------------
    Nya Murray
    Director
    Trac-Car
    ------------------------------