The National Institute of Standards and Technology has laid out components of a comprehensive zero-trust system and is asking product developers to come together and build it.
The end result will be the foundation of a practice guide in a series of special publications. Prospective participants will be evaluated on a first-come, first-serve basis according to a notice posted in the Federal Register Wednesday with kick off happening within the month.
“Collaborative activities will commence as soon as enough completed and signed letters of interest have been returned to address all the necessary components and capabilities, but no earlier than [30 days after the posting date],” the notice reads.
Entities with commercial offerings essential to zero trust—the buzzy premise that an organization’s internal network is not an inherently safe space—have an opportunity to demonstrate their wares in collaboration with NIST and other vendors, the notice said.
The popularity of a zero trust approach to security has grown along with the adoption of cloud services and an increase in network-connected devices. Demarcation of the perimeter is no longer clear and the persistence of insider threat has increased focus on the need to carefully manage user identity and limit access to sensitive data and operations.
But the term zero trust has also become a marketing opportunity, with companies eager to lay claim to its features.
In the notice, and in a description of its overarching project, NIST specifically describes the elements of a zero trust system. A few examples inc ..
Support the originator by clicking the read the rest link below.
