This draft standard for Zero Trust Security provides a comprehensive framework for implementing Zero Trust Architecture (ZTA), a cybersecurity paradigm that emphasizes the principles of "never trust, always verify," assume breach, and apply least privilege. The standard outlines requirements for transitioning from traditional perimeter-based security models to dynamic, granular security controls that protect organizational assets. The framework is structured around five core domains (Identity, Devices, Networks, Applications & Workloads, and Data) and three cross-cutting domains (Governance, Visibility & Analytics, and Automation & Orchestration). It offers guidance on aligning security policies, implementing continuous monitoring, automating security actions, and safeguarding sensitive data. Designed for developers, architects, and governance stakeholders, this standard aims to mitigate risks, enhance compliance, and adapt to the evolving threat landscape. It emphasizes incremental implementation, organizational change management, and leadership oversight to ensure the successful adoption of Zero Trust principles.
- Standard Committee: C/CPSC - Cybersecurity and Privacy Standards Committee
- Status: Active PAR
- PAR Approval: 2023-09-21
Working Group Details
- Society: IEEE Computer Society
- Standard Committee: C/CPSC - Cybersecurity and Privacy Standards Committee
- Working Group: ZTSWG - Zero Trust Security
- IEEE Program Manager: Christian Orlando
- Working Group Chair: Ron Martin
Other Activities From This Working Group
Current projects that have been authorized by the IEEE SA Standards Board to develop a standard.
P2887
Recommended Practice for Zero Trust Security
This recommended practice provides security guidance for Zero Trust Security (ZTS) architectures and implementations.
Standards approved by the IEEE SA Standards Board that are within the 10-year lifecycle.
No Active Standards
These standards have been replaced with a revised version of the standard, or by a compilation of the original active standard and all its existing amendments, corrigenda, and errata.
No Superseded Standards
These standards have been removed from active status through a ballot where the standard is made inactive as a consensus decision of a balloting group.
No Inactive-Withdrawn Standards
These standards are removed from active status through an administrative process for standards that have not undergone a revision process within 10 years.
No Inactive-Reserved Standards
