The final version of National Institute of Standards and Technology (NIST) Special Publication 800-207 on zero trust could be released as soon as this month, with an opportunity for industry collaboration coming this fall, a NIST official confirmed today.
Special Publication 800-207 “provides general guidance for adoption of zero-trust architectures in the Federal government,” Alper Kerman, cybersecurity engineer and project manager at NIST’s National Cybersecurity Center of Excellence, said at a May 19 FCW Zero Trust Workshop. The anticipated document includes insights on technology gaps, models of zero-trust architecture, use case scenarios, and guidance on migration, he confirmed.
Since the release of the initial draft report in September 2019, Kerman said the agency has been sifting through feedback and comments to incorporate them into the document. Now, the document is going through an internal review process “and we anticipate on finalizing it by the end of this month and publishing a final version of it,” Kerman said.
Following publication, there will be an opportunity for industry collaboration on the agency’s zero trust initiatives later this year. Kerman said that NIST will be working with industry to build solutions to real-world cybersecurity challenges.
“We’ll be collaborating with industry to build a zero-trust architecture in our lab,” he explained. “It will be an example implementation, and we will produce an accompanying document, we’ll call it the Special Publication 1800 series, which is a cybersecurity practice guide.”
Project descriptions and details will likely be finalized this summer and a notice will be published in the Federal Register with the official call for industry collaborators this fall, per Kerman. “I don’t anticipate us kicking off that project until a September timeframe or maybe even a little later,” he said.