The National Institute of Standards and Technology (NIST) has published a new resource to aid organizations in implementing zero trust architectures (ZTAs), a cybersecurity approach that assumes no user or device is inherently trustworthy.

The guidance, titled *Implementing a Zero Trust Architecture* (NIST SP 1800-35), details 19 example ZTA implementations using commercially available technologies, offering organizations practical blueprints for securing modern, distributed networks.

Developed through a four-year collaboration at NIST’s National Cybersecurity Center of Excellence (NCCoE) with 24 industry partners, including major technology firms, the publication addresses the complexities of transitioning from traditional perimeter-based security to zero trust.

Unlike legacy models that rely on a single firewall to protect assets within a defined network boundary, ZTA continuously evaluates and verifies access requests, regardless of the user’s location or prior authentication.

This approach is critical for securing hybrid environments with remote workers, cloud-based applications, and distributed data centers.

‘Switching to zero trust requires understanding who’s accessing what resources and why,’ said Alper Kerman, a NIST computer scientist and co-author of the publication. ‘Every organization’s network is unique, making ZTA a custom build.
This guidance provides a foundational starting point for organizations to construct their own ZTAs.’

[NIST.SP.1800-35](http://cybersecuritynews.com/wp-content/uploads/2025/06/NIST.SP_.1800-35.pdf)

The publication builds on NIST’s 2020 document, *Zero Trust Architecture* (NIST SP 800-207), which outlined ZTA concepts and deployment models.

[The new guidance](https://www.nist.gov/news-events/news/2025/06/nist-offers-19-ways-build-zero-trust-architectures) goes further, offering detailed implementation examples, test results, and best practices derived from real-world scenarios.

These scenarios simulate complex enterprise environments, including multi-cloud platforms, branch offices, and public WiFi access points like coffee shops used by remote employees.

The 19 example architectures leverage off-the-shelf commercial technologies, though NIST and NCCoE emphasize that their inclusion does not constitute an endorsement.

The guidance maps these solutions to cybersecurity frameworks, including the [NIST Cybersecurity Framework](https://cybersecuritynews.com/nistcybersecurity-framework-2-0/) and NIST SP 800-53, providing organizations with actionable insights for aligning ZTA deployments with industry standards.

Key features of the publication include:

* **Practical Implementations**: 19 ZTA configurations, each tested and documented with setup details, configurations, and troubleshooting insights.
* **Real-World Scenarios**: Use cases reflecting modern network challenges, such as securing remote access and multi-cloud environments.
* **Collaborative Effort**: Contributions from 24 industry collaborators, ensuring a broad perspective on ZTA deployment.
* **Best Practices**: Lessons learned from four years of testing, offering guidance on technology selection and integration.

The table below lists each build’s policy engine / policy decision point (PDP), the ZTA architecture it instantiates, and links to its architecture details and implementation instructions.

| **Build** | **Policy Engine / PDP** | **ZTA Architecture Instantiated** | **Architecture Details** | **Implementation Instructions** |
| --- | --- | --- | --- | --- |
| **E1B1** | Okta Identity Cloud, Ivanti Access ZSO | EIG Crawl | [E1B1 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B1.html) | [E1B1 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B1.html) |
| **E2B1** | Ping Identity PingFederate | EIG Crawl | [E2B1 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E2B1.html) | [E2B1 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E2B1.html) |
| **E3B1** | Azure AD (Entra Conditional Access) | EIG Crawl | [E3B1 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E3B1.html) | [E3B1 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E3B1.html) |
| **E1B2** | Zscaler ZPA Central Authority (CA) | EIG Run | [E1B2 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B2.html) | [E1B2 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B2.html) |
| **E3B2** | Azure AD (Entra Conditional Access), Microsoft Intune, Forescout eyeControl, eyeExtend | EIG Run | [E3B2 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E3B2.html) | [E3B2 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E4B3.html) |
| **E4B3** | IBM Security Verify | EIG Run | [E4B3 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E4B3.html) | [E4B3 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E4B3.html) |
| **E1B3** | Zscaler ZPA Central Authority (CA) | SDP | [E1B3 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B3.html) | [E1B3 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B3.html) |
| **E2B3** | PingFederate, Cisco ISE, Cisco Secure Workload | Microsegmentation | [E2B3 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E2B3.html) | [E2B3 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E2B3.html) |
| **E3B3** | Azure AD (Entra), Intune, Microsoft Sentinel, Forescout eyeControl & eyeExtend | SDP + Microsegmentation | [E3B3 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E3B3.html) | [E3B3 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E3B3.html) |
| **E1B4** | Appgate SDP Controller | SDP | [E1B4 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B4.html) | [E1B4 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B4.html) |
| **E2B4** | Symantec Cloud SWG, ZTNA, CASB | SDP + SASE | [E2B4 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E2B4.html) | [E2B4 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E2B4.html) |
| **E3B4** | F5 BIG-IP, NGINX Plus, Forescout eyeControl & eyeExtend | SDP | [E3B4 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E3B4.html) | [E3B4 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E3B4.html) |
| **E4B4** | VMware Workspace ONE, UAG, NSX-T | SDP + Microsegmentation + EIG | [E4B4 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E4B4.html) | [E4B4 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E4B4.html) |
| **E1B5** | Palo Alto NGFW, Prisma Access | SASE + Microsegmentation | [E1B5 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B5.html) | [E1B5 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B5.html) |
| **E2B5** | Lookout SSE, Okta Identity Cloud | SDP + SASE | [E2B5 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E2B5.html) | [E2B5 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E2B5.html) |
| **E3B5** | Microsoft Entra Conditional Access (formerly Azure AD Conditional Access), Microsoft Security Service Edge | SDP and SASE | [E3B5 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E3B5.html) | [E3B5 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E3B5.html) |
| **E4B5** | AWS Verified Access, Amazon VPC Lattice | SDP and Microsegmentation | [E4B5 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E4B5.html) | [E4B5 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E4B5.html) |
| **E1B6** | Ivanti Neurons for Zero Trust Access | SDP and Microsegmentation | [E1B6 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E1B6.html) | [E1B6 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E1B6.html) |
| **E2B6** | Google CEP — Access Context Manager | SASE | [E2B6 Build Architecture](https://pages.nist.gov/zero-trust-architecture/VolumeB/appendices/Appendix-E2B6.html) | [E2B6 Build Implementation Instructions](https://pages.nist.gov/zero-trust-architecture/VolumeC/HowTo-E2B6.html) |

‘This resource is a comprehensive toolkit for organizations navigating the shift to zero trust,’ Kerman said. ‘It demonstrates the capabilities needed to deploy a ZTA effectively.’

The rise of distributed workforces and cloud services has rendered traditional perimeter-based security obsolete, as organizations now manage multiple internal networks and external resources.

ZTA’s risk-based approach mitigates both internal and external threats by restricting lateral movement within networks, making it a preferred strategy for many organizations, including those mandated to adopt it.

The full publication is available through NIST’s website, providing a critical resource for cybersecurity professionals seeking to bolster their defenses in an increasingly complex threat landscape.

The post [NIST Released 19 Zero Trust Architecture Implementations Guide — What’s New](https://cybersecuritynews.com/nist-zero-trust-architecture-guide/) appeared first on [Cyber Security News](https://cybersecuritynews.com).