Over 15 years since its initial conception, and more than three years since the U.S. federal government made it a fundamental tenet of its overall cybersecurity strategy, Zero Trust has only become a more important strategic framework for government and critical infrastructure alike.
The strategic emphasis on Zero Trust implementation in high-level U.S. government policies, like the Presidential Executive Order on Improving the Nation's Cybersecurity, made it clear that federal departments and private enterprises should consider Zero Trust architecture (ZTA) implementation. But, the question of how has been less clear. To address that knowledge gap, the U.S. federal Zero Trust Strategy advised organizations to look toward an authoritative source of cybersecurity standards and best practices for guidance – the U.S. National Institute of Standards and Technology (NIST).
That's why, just over three years ago, Palo Alto Networks was honored to announce our initial selection to join NIST’s National Cybersecurity Center of Excellence’s Zero Trust Architecture (ZTA) lab. Following our selection, a team from Palo Alto Networks went hard at work, partnering with NIST and industry peers to build end-to-end Zero Trust architectures in NIST’s labs by leveraging a broad range of Palo Alto Networks technologies.
The result: NIST Special Publication 1800-35 on Implementing a Zero Trust Architecture, a high-level strategic blueprint for any organization looking to start or mature their own Zero Trust journeys. NIST also published a more extensive web version of the Special Publication, including technical details about how to specifically deploy and configure several technologies by Palo Alto Networks to achieve Zero Trust outcomes. For easy reference, the table below highlights the key Palo Alto Networks references throughout the Special Publication.
The overall goal of Palo Alto Networks partnering with NIST was to demonstrate that it is possible to build interoperable, end-to-end Zero Trust architectures, reducing the operational integration challenges that so often prevent organizations from practically implementing Zero Trust. To address these barriers, we embraced a few fundamental principles that define our Zero Trust strategy:
Continuous Trust Verification
- Challenge – Organizations need continuous trust verification and consistent policy enforcement across all locations, users and applications to implement effective Zero Trust.
- Solution – The primary NIST lab build for Palo Alto Networks (Enterprise 1, Build 5) included natively integrated capabilities spanning network security, cloud delivered services, cloud security and single vendor SASE (SSE+SD-WAN), securing a wide range of Zero Trust use cases from on premise to remote work.
Single Policy Enforcement — Any User, Any Application, Any Location
- Challenge – Organizations are managing dozens of security vendors that often lack interoperability and make consistent security enforcement impossible.
- Solution – We demonstrated the platformization approach of Palo Alto Networks by deploying our Strata Cloud Manager and Panorama solutions to provide a single management and operations plane for all security infrastructure.
Multi-Vendor Interoperability
- Challenge – Organizations need the ability to effectively integrate their security platforms with third-party tools already deployed in their environments.
- Solution – We demonstrated the wide range of technology integrations offered by Palo Alto Networks to make our three platforms even more powerful and simplify security for our customers. In the NIST lab, we technically demonstrated third-party integrations with key partners across the Zero Trust ecosystem, including AWS, Microsoft, Okta, Radiant Logic, SailPoint, Tenable, IBM’s QRadar and more.
Curious about the new NIST Special Publication on Zero Trust Architecture and how you can deploy and configure Palo Alto Networks technologies to achieve your own Zero Trust goals? Check out this quick reference guide for an overview of how Palo Alto Networks was featured:
NIST Special Publication 1800-35: Zero Trust Architecture
|
Project Overview
Describes how core Palo Alto Networks capabilities like User-ID, App-ID and Device-ID enable consistent Zero Trust policy enforcement across Next Generation Firewall (hardware-based, virtualized and containerized form factors), Prisma Access and Cortex XDR. |
Architecture and Builds: ZTA Laboratory Physical Architecture
Describes how Palo Alto Networks Next Generation Firewall (PA-5250) was used to protect the internet access point for NIST’s entire ZTA lab, and how a single PA-5250 NGFW (split into virtual systems) was used to protect the network perimeter for each of the lab’s five simulated enterprises and branch offices. |
Builds Architecture Details: Enterprise 1, Build 5
Features Enterprise 1 Build 5, an end-to-end ZTA solution that features numerous Palo Alto Networks technologies:
|
How-To Guide: Enterprise 1, Build 5
Describes detailed instructions for installing, configuring and integrating all of the Palo Alto Networks technologies (listed above) used to implement Enterprise 1, Build 5. |
Functional Demonstration: Enterprise 1, Build 5
Describes how Palo Alto Networks technologies featured in Enterprise 1, Build 5 were tested and validated by NIST as technically meeting several defined Zero Trust use cases and scenarios. |