The National Institute of Standards and Technology (NIST) was founded in 1901 and is now part of the U.S. Department of Commerce. NIST is one of the nation’s oldest physical science laboratories. Congress established the agency to remove a major challenge to U.S. industrial competitiveness. The NIST Cybersecurity Framework helps businesses of all sizes better understand, manage, and reduce their cybersecurity risk and protect their networks and data. The Framework is voluntary. The National Institute of Standards and Technology SP 800-207 is a special publication entitled, A Zero Trust Architecture (ZTA) Model for Access Control in Cloud-Native Applications in Multi-Cloud Environments.
The philosophy behind a Zero Trust network assumes that there are attackers both within and outside of the network, so no users or machines should be automatically trusted. Zero Trust verifies user identity and privileges as well as device identity and security.
The Seven Pillars of Zero Trust are:
User, Device, Network & Environment, Application & Workload, Data, Automation & Orchestration, and Visibility & Analytics.
https://csrc.nist.gov/pubs/sp/800/207/final
Official Document can be downloaded from the following:
https://nvlpubs.nist.gov/nistpubs/SpecialPublications/NIST.SP.800-207.pdf
NSA Releases Maturity Guidance for the Zero Trust Network and Environment Pillar. Please see article for this link as follows:
