NIST SP 800-207 Zero Trust
NIST SP 800-207 Zero Trust formalized 2020.
Definition
PDP (Policy Decision Point) + PEP (Policy Enforcement Point) + Trust Algorithm architecture. 7 ZTA tenets: all data sources and services are resources, secured per-session, dynamic access, continuous monitoring, strong authentication, automation, awareness. Implemented via SDP (Software-Defined Perimeter), SASE (Secure Access Service Edge), ZTNA (Zero Trust Network Access).
Origin
NIST, SP 800-207 published August 2020 (Scott Rose, Oliver Borchert, Stu Mitchell, Sean Connelly).
Usage
Reference mandated by Executive Order 14028 (Biden cybersecurity executive order May 2021) for US federal agencies.
Related terms
- Zero Trust — fiche socle.
- SASE — implementation pattern.
- ZTNA — implementation pattern.