NIST Unveils New Guide for Implementing Zero Trust Architecture with Industry Collaboration
June 13, 2025
The National Institute of Standards and Technology (NIST) has released a new guide titled 'Implementing a Zero Trust Architecture' (SP 1800-35) aimed at helping organizations establish zero trust architectures (ZTA).
This guide is the result of a four-year collaboration between NIST’s National Cybersecurity Center of Excellence (NCCoE) and 24 industry partners, focusing on practical implementation of zero trust principles.
It enhances NIST's previous zero trust framework (SP 800-207) by offering more actionable strategies for implementation.
The guide features 19 example setups that utilize off-the-shelf commercial tools, addressing various scenarios including hybrid cloud environments, branch offices, and public Wi-Fi usage.
Each model within the guide includes detailed technical deployment instructions, sample configurations, integration steps, test results, and best practices based on real-world applications.
The guidance specifically addresses the challenges posed by multiple policy decision and enforcement points (PDP/PEPs) in zero trust architecture, highlighting their critical role in preventing data breaches.
Brian Soby, CTO at AppOmni, points out that without proper integration of these multiple PDP/PEPs, organizations may face vulnerabilities in their zero trust plans.
Soby further emphasizes that effective security decisions require a contextual understanding that goes beyond fixed rules, advocating for an adaptable zero trust architecture that can respond to changing user behaviors and system contexts.
Source

Help Net Security • Jun 13, 2025
19 ways to build zero trust: NIST offers practical implementation guide - Help Net Security