SailPoint Selected for NIST Zero Trust Implementation Project to Mitigate National Cybersecurity Risk

Authored by Frank Briguglio, CISSP | SailPoint Public Sector Strategist

Digital transformation and IT modernization are increasing the adoption of cloud data and applications at a pace never seen before. Now, our borders are open to remote users and non-traditional mission partners, which have dissolved traditional network boundaries rendering them ineffective.  Today, to be secure, we must implement other methods: zero trust is a concept and paradigm shift in how we think about security to protect our nation’s keys to the kingdom in this “perimeter-less” world. 

The National Institute of Standards and Technology (NIST) National Cybersecurity Center of Excellence (NCCoE) is bringing together a best-of-breed to build a team of zero trust leaders for a cooperative research and development project titled, “Implementing a Zero Trust Architecture.” The goal of the project is to build zero trust cybersecurity architectures to help organizations mitigate cybersecurity risk. After all, zero trust is a team sport. 

NIST’s NCCoE isn’t the only player in this zero trust quest. President Biden recently signed an executive order, “Improving the Nation’s Cybersecurity” making zero trust a top priority for modernizing U.S. federal government cybersecurity and requiring federal agencies to quickly develop plans to implement zero trust architectures. 

SailPoint is one of 18 technology vendors that will work with the NCCoE to demonstrate several approaches to implementing zero trust architectures, which will be designed and deployed according to the concepts and tenets documented in NIST’s Zero Trust Architecture special publication (SP 800-207).   

SailPoint’s identity security offerings will enable the project to build a dynamic and identity-aware environment. Strong administration processes and accurate governance are the foundation of identity, credentialing, and access management (ICAM). Having a truly trusted source of controls and oversight is required to ensure that stronger authentication and deeper authorization can be delivered promptly. The process of ensuring that the right accounts, entitlements, and attributes are in place is where identity security comes into play; allowing agencies to control the lifecycle of the very policies and data that now drive this ongoing process. 

As a result of this project, the NCCoE will compose and release a publicly available NIST Cybersecurity Practice Guide, which will include several zero trust cybersecurity reference designs that address a variety of real-world cybersecurity and infrastructure challenges that any enterprise can adopt to improve their cybersecurity posture.  

SailPoint is joined by collaborators Amazon Web Services, AppGate Federal, Cisco, F5 Networks, FireEye, Forescout, IBM Corp, Ivanti, McAfee Corp, Microsoft, Okta, Palo Alto Networks, PC Matic, Radiant Logic, Symantec (Broadcom), Tenable, and Zscaler. 

We will provide updates on the SailPoint blog as we continue our work on the “Implementing a Zero Trust Architecture” project.


Discussion