NIST Special Publication 1800-35, titled "Implementing a Zero Trust Architecture," provides detailed guidance on enhancing identity and privileged access control within a Zero Trust framework. The guide underscores the necessity of robust identity governance and continuous monitoring to ensure that only authorized users can access sensitive resources. Central to this approach is the verification of user identities and their associated credentials, regardless of their network location. Each access request is evaluated in real time, incorporating factors such as the user's identity, role, and behavior consistency, as well as the health and credentials of the requesting device.
The document emphasizes the implementation of least privilege principles, ensuring users have only the access necessary to perform their duties, and highlights the importance of privileged access management (PAM). PAM involves securing, managing, and monitoring privileged accounts to prevent unauthorized access and potential misuse. This includes employing strong authentication mechanisms, such as multi-factor authentication (MFA), to protect against identity-based attacks. Additionally, the guidance recommends the continuous monitoring of privileged user activities and the use of automated tools to detect and respond to suspicious behavior, thereby reducing the risk of insider threats and external attacks.
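As an added illustration, not code from the NIST guide, the following Python policy decision function evaluates every access request against the signals the two paragraphs above name: device credential and health, role-based least-privilege entitlements, MFA for privileged resources, and behavior consistency. The role table, resource names, and anomaly threshold are constructed assumptions for the example.

```python
from dataclasses import dataclass

@dataclass
class AccessRequest:
    user: str
    role: str
    resource: str
    action: str
    mfa_verified: bool            # strong authentication completed this session
    device_cert_valid: bool       # device presented a valid credential
    device_compliant: bool        # device health/posture check passed
    behavior_anomaly_score: float # 0.0 = matches baseline, 1.0 = highly anomalous

# Constructed least-privilege entitlements: role -> resource -> allowed actions.
POLICY = {
    "analyst": {"reports": {"read"}},
    "admin": {"reports": {"read", "write"}, "pam-vault": {"checkout"}},
}
# Resources whose access is considered privileged and therefore gated by MFA.
PRIVILEGED_RESOURCES = {"pam-vault"}
# Assumed threshold above which behavior is treated as inconsistent with baseline.
ANOMALY_THRESHOLD = 0.7

def evaluate(req: AccessRequest) -> tuple:
    """Evaluate one request; returns (decision, reason).

    Network location is deliberately absent from the inputs: every request,
    internal or external, goes through the same checks.
    """
    if not req.device_cert_valid:
        return "deny", "device credential invalid"
    if not req.device_compliant:
        return "deny", "device health check failed"
    allowed = POLICY.get(req.role, {}).get(req.resource, set())
    if req.action not in allowed:
        return "deny", "role not entitled to this action (least privilege)"
    if req.resource in PRIVILEGED_RESOURCES and not req.mfa_verified:
        return "deny", "privileged access requires MFA"
    if req.behavior_anomaly_score >= ANOMALY_THRESHOLD:
        return "step-up", "behavior inconsistent with baseline; re-authenticate"
    return "allow", "all signals satisfied"

def audit_record(req: AccessRequest) -> dict:
    """Build the log entry a monitoring pipeline would ingest for this decision."""
    decision, reason = evaluate(req)
    return {"user": req.user, "resource": req.resource, "action": req.action,
            "privileged": req.resource in PRIVILEGED_RESOURCES,
            "decision": decision, "reason": reason}
```

Feeding `audit_record` output into a SIEM gives the continuous monitoring of privileged activity the guide recommends, with every denial and step-up carrying the signal that triggered it.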
NIST SP 1800-35 also integrates identity and access management (IAM) and PAM solutions into a cohesive Zero Trust Architecture (ZTA). This involves mapping ZTA security characteristics to established cybersecurity standards, such as NIST SP 800-53r5 and the Cybersecurity Framework Subcategories. By aligning identity and privileged access controls with these standards, organizations can achieve a higher level of security compliance and operational resilience. The guide's practical how-to sections and functional demonstrations provide actionable steps for implementing these controls, ensuring secure and efficient management of identities and privileged access in a zero-trust environment.