Aligning Your Security Policy with NIST 800-207 Zero Trust Principles
The NIST (National Institute of Standards and Technology, part of the U.S. Dept. of Commerce) has released a Zero Trust Security Guide (SP 800-207) that provides practical recommendations for organizations on how to achieve and maintain Zero Trust.
Based on NIST, agencies’ traditional approach to network security was that within an organization’s network perimeter, services and users were trusted, and therefore, could ‘talk’/ connect to one another. It was, for the most part, an open, almost flat network, where any traffic or users were trusted by virtue of being inside the perimeter. This enables unauthorized lateral movement, once an attacker gained access into the perimeter, which is considered one of the main challenges federal agencies face today