Mytek Logo
MyTek Logo

Tip of the Week: Examining NIST’s Definition of Zero Trust

by | Oct 20, 2021 | MyTek Blog, Tip of the Week


Subscribe To The Blog

By subscribing to the blog, you will be notified when a new blog post is created on the site.

How many people do you trust? This is a pretty difficult question, but luckily, in a zero trust network, that question is answered for you. The idea of this network is that everyone, no matter who they are, needs to be verified. You might imagine that this has been effective in preventing breaches.

But what is a zero-trust network? Let’s take a few minutes to break down the National Institute of Standards and Technology’s definition of zero trust, based on the seven “tenets” that must be followed. There can be found in their Special Publication 800-207.

How Does NIST Define Zero Trust?

This is the definition of Zero Trust, found in the publication:

“Zero trust (ZT) provides a collection of concepts and ideas designed to minimize

uncertainty in enforcing accurate, least privilege per-request access decisions in

information systems and services in the face of a network viewed as compromised. Zero

trust architecture (ZTA) is an enterprise’s cybersecurity plan that utilizes zero trust

concepts and encompasses component relationships, workflow planning, and access

policies. Therefore, a zero trust enterprise is the network infrastructure (physical and

virtual) and operational policies that are in place for an enterprise as a product of a zero

trust architecture plan.”

Zero trust makes it harder for threats to get in and also simplifies the task of identifying how threats got in.

NIST’s Seven Tenets, Reviewed

Here is the list of the seven tenets, so let’s see what each of them requires.

“All data sources and computing services are considered resources.”

This means that anything that is connected to the network has to abide by all access controls and security requirements that have been established on the network.

“All communication is secured regardless of network location.”

Whether a device is on the network or not, all communication should maintain the highest levels of security, just as it would if external networks were involved.

“Access to individual enterprise resources is granted on a per-session basis.”

One of your users may need access to one of your assets for a limited time or even for a single session. Requiring authentication every time resources are accessed will help limit any chance of unauthorized usage.

“Access to resources is determined by dynamic policy—including the observable state of client identity, application/service, and the requesting asset—and may include other behavioral and environmental attributes.”

Business technology is super complicated, which is the hard fact of the matter. Especially now that remote work is an option for your employees, it gets even more complicated. A lot of data is being handed out because of this, and taking into account the permission can make it more secure.

“The enterprise monitors and measures the integrity and security posture of all owned and associated assets.”

Zero trust, even though it may sound a little cliche, means that you can’t trust anyone or anything. All assets should be monitored carefully so that threats can’t intrude and patches are taken care of in a timely manner.

“All resource authentication and authorization are dynamic and strictly enforced before access is allowed.”

Zero trust approached makes sure that access permissions are confirmed continuously, and takes a lot of different inputs into consideration to determine whether to grant access.

“The enterprise collects as much information as possible about the current state of assets, network infrastructure and communications and uses it to improve its security posture.”

Keeping track of everything in the network environment is important for security to be kept. This includes three core components: the policy administrator, the policy enforcement point, and the policy engine. 

Security is so important and MyTek can help by monitoring your network for you. Give us a call today at 623-312-2444 to learn more about zero trust networks.


Tim - Team

Tim Tiller, LMSW

Tim Tiller, MSW brings a deep service background to his role at Mytek, having graduated from McDonald’s management training program, fresh out of high school, and working his way up through the ranks in the hospitality industry. He has led two prior companies – Multi-Systems Inc., an IT-focused organization providing technology to hospitality companies (where he was named President at age 36), and most recently, as Chief Operating Officer for Jewish Voice Ministries International.


Subscribe To This Author

By subscribing to the author, you will be notified when a new blog post is created by the author.


Top 5 Hardware Monitoring Software 

Did you know that almost 40% of servers had at least one outage in the last twelve months? Veeam reports that the most common reason for outrages is infrastructure failure which puts the current hardware monitoring practices under the scanner. Hardware failures are...

Types of Mobile Malware & How to Defend Against Them

Malware has a long history of undermining computer security and stealing critical data. With the rapid growth of mobile usage, we're now seeing a new breed of mobile malware infecting smartphones and tablets. The new-age mobile malware are more advanced, seamless, and...

How to Protect Your Data Privacy & Enhance IT Security

Every time you use a device, you enter, modify or access data. Some of your usages are routine and public but sometimes you perform tasks that are confidential in your personal life or business. Naturally, this type of data is private and it should be kept that way....

Mobile? Grab this Article!

QR Code

Blog Archive

Share This