{"id":25035,"date":"2024-08-07T13:00:54","date_gmt":"2024-08-07T21:00:54","guid":{"rendered":"http:\/\/www.palada.net\/index.php\/2024\/08\/07\/news-18765\/"},"modified":"2024-08-07T13:00:54","modified_gmt":"2024-08-07T21:00:54","slug":"news-18765","status":"publish","type":"post","link":"https:\/\/www.palada.net\/index.php\/2024\/08\/07\/news-18765\/","title":{"rendered":"How Microsoft and NIST are collaborating to advance the Zero Trust Implementation"},"content":{"rendered":"

Credit to Author: Mark Simos| Date: Tue, 06 Aug 2024 20:00:00 +0000<\/strong><\/p>\n

We are announcing the release of the recently published Zero Trust practice guide in collaboration between Microsoft and the National Cybersecurity Center of Excellence (NCCoE). This guide<\/a> details how to implement a Zero Trust strategy, and what an end to end security approach using Zero Trust means for you and your organization. <\/p>\n

While the <\/a>Zero Trust security model<\/a> is continuing to gain momentum, customers regularly ask for guidance on how to deploy this model effectively using today\u2019s available technology. Microsoft participating in an ongoing collaboration<\/a> led by the National Institute of Standards and Technology\u2019s (NIST\u2019s) NCCoE. Microsoft joined this effort to support this important mission and to help answer our customer’s need for references on Zero Trust implementations.\u00a0\u00a0\u00a0<\/p>\n

Since 2022, the NCCoE has collaborated with 24 vendors, including Microsoft, on developing a <\/a>practice guide<\/a> with practical steps for organizations eager to implement cybersecurity reference designs for Zero Trust. Zero Trust principles include assuming compromise (assuming breach) to drive a holistic and practical security approach, verifying trust explicitly before granting access to assets, and limiting the blast radius by granting the least privilege necessary. The Zero Trust model describes a collaborative comprehensive approach for end-to-end security that is required to keep up with continuous changes in threats, technology, and business.<\/p>\n

\n

“The NCCoE strives to launch initiatives that directly benefit organizations facing modern cybersecurity challenges. The lessons learned from integrating various products and services contributed by collaborators like Microsoft is an invaluable contribution toward this effort.”<\/p>\n

\u2014Alper Kerman of NIST<\/cite><\/p><\/blockquote>\n

Security isn\u2019t easy\u2014it\u2019s always been an extremely complex and challenging discipline and Zero Trust is now transforming how many aspects of that discipline are done. While there is much more to do, we are encouraged by seeing customers make rapid progress on Zero Trust and getting meaningful benefits from it.<\/p>\n

\n
\n
\n
\t\t\t\t\t\"Decorative\t\t\t\t<\/div>\n
\n
\n

NIST: Implementing a Zero Trust Architecture<\/h2>\n
\n

This guide from NIST shares practical guidance to implement Zero Trust from the NCCoE labs.<\/p>\n<\/p><\/div>\n

\t\t\t\t\t\t\t \t\t\t\t\t\t\t\tRead the guide<\/span> \t\t\t\t\t\t\t\t<\/span> \t\t\t\t\t\t\t<\/a> \t\t\t\t\t\t<\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n<\/p><\/div>\n

Microsoft and the NIST NCCoE: United in prioritizing Zero Trust model<\/h2>\n

Both Microsoft and the NCCoE have been strong advocates of the Zero Trust model for years. This diagram illustrates how Microsoft technology maps to the NIST Zero Trust model:<\/p>\n

\"A<\/figure>\n

NIST\u2019s role in cybersecurity cannot be overstated. In addition to publishing security standards for decades, NIST\u2019s collaborative hub, called the NCCoE, has brought clarity on how to design and implement Zero Trust by publishing how-to guides, practice guides, and business case examples.  <\/p>\n

\n

“The NCCoE is dedicated to helping organizations strengthen their cybersecurity. A major way we do this is by translating existing security standards into example implementation guidance, so organizations know exactly what they need to do to protect their most critical assets. By simplifying the process, we can get more organizations benefiting from Zero Trust principles.”<\/p>\n

\u2014Alper Kerman of NIST<\/cite><\/p><\/blockquote>\n

The Microsoft and NIST NCCoE collaboration<\/h2>\n

Microsoft has participated for decades in NIST\u2019s open and transparent process for standards development and in particular supported NIST NCCoE \u2018s mission to develop practical, interoperable cybersecurity approaches that show how the components of zero trust architectures can securely mitigate risks and meet industry sectors\u2019 compliance requirements. Microsoft has been impressed by NIST\u2019s role serving as a credible and clear voice in the security industry. When we found out about this latest collaboration opportunity, we knew we wanted to play a part. <\/p>\n

In October 2020, when the NCCoE sought industry partners to support the implementation of the Zero Trust architecture project, we jumped at the opportunity. The NCCoE\u2019s Zero Trust architecture project<\/a> is its largest to date with 24 participating organizations, seventeen different builds, and a rich set of practical documentation. The goal of this NCCoE project is to demonstrate several example zero trust architecture solutions\u2014applied to a conventional, general-purpose enterprise IT infrastructure\u2014that are designed and deployed according to the concepts and tenets documented in NIST Special Publication (SP) 800-207<\/a>, Zero Trust Architecture. The documents from this work effectively demonstrate how to practically implement Zero Trust principles using today\u2019s technology.  <\/p>\n

The project addresses several common scenarios you may face: <\/p>\n