NCCoE Guide on Zero Trust Architectures: Draft Released

Share this blog

For some time now, security teams have been contending with a fundamental shift: the erosion or complete disappearance of a security perimeter. When sensitive assets can be anywhere, the prospect of building defenses aimed at keeping the bad actors “out” becomes impractical. It is for these reasons that the establishment of zero trust architectures has emerged as a vital imperative.

Introducing the Zero Trust Architecture Project

Back in 2018, the National Cybersecurity Center of Excellence (NCCoE) at the National Institute of Standards and Technology (NIST) launched the Zero Trust Architecture project. Through this project, the NCCoE is focused on helping enterprises and government agencies establish end-to-end, zero-trust architectures that reduce the risk of cyber attacks.

We’re excited to announce that on July 7th, 2022, the NCCoE published the preliminary draft practice guide, NIST Special Publication (SP) 1800-35A. Entitled “Implementing a Zero Trust Architecture,” this guide outlines how teams can employ commercially available technology to build interoperable, open standards-based zero trust architecture implementations

Zimperium was selected to work with the NCCoE on this project in February. We’re honored to be collaborating with the NCCoE and other technology providers to help advance the knowledge and guidance available in this critical area.

As part of this effort, we’re helping build several samples of zero trust architecture solutions that demonstrate how teams can secure access to corporate resources. These solutions will enforce corporate security policies dynamically and in near-real-time. With these solutions, teams will be able to ensure that only authenticated, authorized users and devices will be able to access sensitive assets. At the same time, these solutions will flexibly enable a complex, diverse set of business use cases, including support for remote workforces, cloud services, partners, and third-party contractors.


We encourage anyone who’s involved in managing security for their organization to review this draft. This guide will provide solid, proven guidelines for establishing effective zero trust implementations. Commercial mobile network operators, potential private zero trust network operators, and teams managing zero trust-enabled technology will find this publication particularly valuable. In addition, between now and August 8th, 2022, the preliminary draft guide is open for public comment. We encourage you to share your feedback and insights. Finally, to receive updates about our progress, please join the Zero Trust Architecture Community of Interest.

About the National Cybersecurity Center of Excellence

The National Cybersecurity Center of Excellence (NCCoE), a part of the National Institute of Standards and Technology (NIST), is a collaborative hub where industry organizations, government agencies, and academic institutions work together to address businesses’ most pressing cybersecurity issues. This public-private partnership enables the creation of practical cybersecurity solutions for specific industries, as well as for broad, cross-sector technology challenges. Through consortia under Cooperative Research and Development Agreements (CRADAs), including technology partners—from Fortune 50 market leaders to smaller companies specializing in IT security—the NCCoE applies standards and best practices to develop modular, adaptable example cybersecurity solutions using commercially available technology. The NCCoE documents these example solutions in the NIST Special Publication 1800 series, which maps capabilities to the NIST Cybersecurity Framework and details the steps needed for another entity to recreate the example solution. The NCCoE was established in 2012 by NIST in partnership with the State of Maryland and Montgomery County, Maryland. Information is available at:

About Zimperium

Zimperium, Inc. is a global leader in mobile device and app security. Zimperium zIPS™ is an advanced mobile threat defense solution for enterprises, providing persistent, on-device protection to Android, Chrome OS, and iOS-powered mobile endpoints. Leveraging advanced machine learning, zIPS detects threats across the kill chain including device, network, phishing, and app attacks. By design, zIPS protects end-user privacy, ensuring that Federal agencies comply with Zero Trust Architecture (ZTA) and privacy mandates. For more information or to schedule a demo, contact us today.

Zimperium We Secure Mobile Contact Us Banner

Jim Kovach
Author: Jim Kovach
Mobile Security Specialist, Public Sector. View the author's experience and accomplishments on LinkedIn.

Get started with Zimperium today