Zero Trust (ZT) Concepts for Federal Government Architectures
Abstract
This report provides a breakdown of the dimensions and capabilities that make up a ZT architecture. The three National Institute of Standards and Technology (NIST) models are summarized, and case studies of four ZT architectures are described: BeyondCorp, Next-Generation Firewall (NGFW)/Forrester, Software-Defined Perimeter (SDP), and VMware/NSX. Of these choices, the architecture that is the best fit for a particular organization depends on the mission of that organization. For a public service agency whose main mission is to interact with the public, any of the architectures would meet its needs, and which to choose depends heavily on the existing infrastructure. A virtualized architecture similar to VMware/NSX would provide the most benefit, though it may be the most difficult to migrate to. For a public safety-focused agency with many field agents who do not have continuous internet access and who utilize many sensors and Internet of Things (IoT) devices, an SDP-based solution is recommended. For a larger umbrella organization that may have sub-organizations such as the previous two exemplars, a federated architecture is recommended to accommodate the diversity of requirements.
Document Details
- Document Type: Technical Report
- Publication Date: Jul 30, 2020
- Accession Number: AD1106904
Entities
People
- K. D. Uttecht
Organizations
- Massachusetts Institute of Technology