NIST and ZTA - Versasec

NIST and ZTA

Date: 2020-08-27
Author: Joakim Thorén, CEO


The US National Institute of Standards and Technology (NIST) has released a Special Publication that digs deeper into Zero Trust Architecture (ZTA) and the importance of secure provisioning.

A short reminder of what Zero Trust is might be needed. I wrote an article about it and why it’s useful here on the Versasec blog last year. NIST made a very good summary in the abstract of the publication:

“Zero trust (ZT) is the term for an evolving set of cybersecurity paradigms that move defenses from static, network-based perimeters to focus on users, assets, and resources. A zero trust architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Zero trust assumes there is no implicit trust granted to assets or user accounts based solely on their physical or network location (i.e., local area networks versus the internet) or based on asset ownership (enterprise or personally owned).”

The full NIST Special Publication 800-207 can be found here: https://csrc.nist.gov/publications/detail/sp/800-207/final

I am especially interested in section 6.3 where the authors focus on the importance of securing provisioning to enable moving to ZTA. And it is even more important to secure the provisioning against impersonation and account escalation attempts.

In vSEC:CMS we have implemented a long list of what we call secondary authentication methods. These are used to authenticate users when the main authentication credentials are not available, for example during provisioning. Examples of such secondary authentication methods include OTP, Domain Credentials, SMS, Email, manager approvals and IdP via OIDC. Furthermore, vSEC:CMS has implemented granular access control of all parts of the system, which enables administrators to limit what an operator can do (which tasks), for what subject, for what device, for what certificate, etc.

Have a look at the NIST Special Publication and please let us know if you have any other ideas on how Versasec can help the world move faster to implement Zero Trust!
