NIST selects Ivanti on Implementing A Zero Trust Architecture project

Ivanti announced that it has been selected by the National Institute of Standards and Technology’s (NIST’s) National Cybersecurity Center of Excellence (NCCoE) to participate as a collaborator in the Implementing A Zero Trust Architecture project.

The goal of the project is to build zero trust security architectures to help organizations mitigate cybersecurity risk. President Biden recently signed an Executive Order, making zero trust a top priority for modernizing U.S. federal government cybersecurity and requiring federal agencies to quickly develop plans to implement Zero Trust Architectures.

At its simplest, zero trust security enables organizations to achieve a stronger and more impenetrable network by continually verifying each asset and transaction before permitting any access. By adopting a “never trust, always verify” approach, organizations can achieve comprehensive visibility and secure access across devices, users, apps, data, and networks in the Everywhere Workplace.

As a collaborator, Ivanti will help develop practical, interoperable approaches to designing and building Zero Trust architectures that align with the tenets and principles documented in NIST SP 800-207, Zero Trust Architecture. As part of this collaboration, the NCCoE will compose and release a publicly available NIST Cybersecurity Practice Guide, which will include several zero trust cybersecurity reference designs that address a variety of real world cybersecurity and infrastructure challenges.

Ivanti is joined by collaborators Amazon Web Services, AppGate Federal, Cisco, F5 Networks, FireEye, Forescout, IBM Corp, McAfee Corp, Microsoft, Okta, Palo Alto Networks, PC Matic, Radiant Logic, SailPoint Technologies, Symantec (Broadcom), Tenable and Zscaler.

“With sophisticated cyberattacks becoming increasingly commonplace, it’s clear that a radical transformation is needed in the way public and private industries approach security,” said Bill Harrod, Federal CTO of Ivanti. “That transformation needs to be grounded in zero trust principles and should be focused on cybersecurity modernization. The problem today is that zero trust approaches to security have been fragmented, inconsistent, and difficult to implement, resulting in slow adoption that only exacerbates an already precarious situation. As a leader in providing solutions that accelerate zero trust adoption, we are pleased to be part of this cohort, along with NIST. We look forward to developing example zero trust implementations that will shape a new era of cybersecurity best practices designed to mitigate risk.”

Conventional network security approaches have traditionally focused on perimeter defense; however, the perimeter has become less relevant due to the growth of cloud and mobile technologies and the surge in remote work. The emergence of the Everywhere Workplace has also introduced new threat vectors that traditional security models were simply not designed to defend against, such as new points of entry, exit, and data access, making security an ongoing challenge.

Zero trust addresses these challenges by focusing on protecting resources and users instead of the perimeter. Zero trust enables organizations to consistently enforce controlled access and tight containment across users, devices, apps, and networks, reducing their attack surfaces and minimizing risk.