Zero Trust Implementation Guidelines

What is Zero Trust?

Zero Trust is "a collection of concepts and ideas designed to minimize uncertainty in enforcing accurate, least privilege per-request access decisions in information systems and services in the face of a network viewed as compromised." (NIST SP 800-207) Zero Trust concepts assume that a breach is inevitable or has likely already occurred, so implementations constantly monitor for anomalous or malicious activity and continuously verify and limit access to automatically contain damage from the breach. To continuously verify and limit access, Zero Trust concepts focus on allowing only authorized entities to access network resources by making access control decisions and enforcement as granular as possible.

Link to the DOW Zero Trust: Primer page.

Primer

NSA provides direction and guidance for using the ZIGs in a comprehensive document.

Link to the DOW Zero Trust: Discovery page.

Discovery

NSA offers the ZT Capabilities and Activities contained in the Discovery Phase in a comprehensive document.

Link to the DOW Zero Trust: Phase One page.

Phase One

NSA offers the ZT Capabilities and Activities contained in Phase One in a comprehensive document.

Link to the DOW Zero Trust: Phase Two page.

Phase Two

NSA offers the ZT Capabilities and Activities contained in Phase Two in a comprehensive document.

Link to the DOW Zero Trust: Pillar page.

Pillars

NSA offers the ZT Capabilities and Activities by Pillar.

Link to the DOW Zero Trust: CSI page.

CSIs

NSA offers Zero Trust guidance through Cybersecurity Information Sheets.