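This article introduces the Japanese translation of "Special Publication (SP) 800-207 Zero Trust Architecture", published by the U.S. National Institute of Standards and Technology.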
The National Institute of Standards and Technology recently released a draft special publication for Zero Trust Architecture (ZTA), with the aim of establishing a standard classification criterion for ZTA components. (Note, as of February 2020, NIST has released draft 2 of the Zero Trust Architectur...
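After NIST released Draft NIST Special Publication 800-207 in September 2019, it began broadly soliciting comments, and in February 2020 it released the latest version, Draft (2nd) NIST Special Publication 800-207. After Draft 2 was released, QI-ANXIN (奇安信) Strategic Consulting and Planning promptly compared, summarized and commented on the two versions of the draft standard; see "NIST Draft Standard 'Zero Trust Architecture', 2nd Version: Official Release and Main Changes". In this article...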
While a standardized criterion for a ZTA is being established, the U.S. National Institute for Standards and Technology’s (NIST) Special Draft Publication 800-207 serves as the primary guidance document, outlining fundamental requirements for achieving zero trust. Per the document, an organization pr...
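NIST-SP-800-207-Zero-Trust-Architecture(中文翻译).zip Zero Trust Architecture (ZTA) is an enterprise cybersecurity architecture based on zero trust principles, designed to prevent data breaches and limit internal lateral movement. This document not only provides the definition of ZTA, its logical components, possible deployment scenarios and threats, but also offers a general roadmap for organizations wishing to migrate to a zero trust design approach for network infrastructure, and discusses possible...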
Standard (FIPS) 199, Standards for Security Categorization of Federal Information and Information Systems, is the critical first step in understanding and managing system information and media. Based on the results of categorization, the system owner should refer to NIST Special Publication (SP) 800-...
NIST Special Publication 800-22: A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptograp... A. Rukhin, et al.: A Statistical Test Suite for the Validation of Random Number Generators and Pseudo Random Number Generators for Cryptog...
The controls that NIST Special Publication 800-53 identifies "are flexible, customizable, and implemented as part of an organization-wide process to manage risk." The controls also address "diverse requirements derived from mission and business needs, laws, executive orders...
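*2 Special Publication <Reference> Prepared by PwC from https://www.nist.gov/quick-start-guides (as of the end of March 2024) The importance of a gap assessment: The main changes from CSF 1.1 to CSF 2.0 include strengthened supply chain risk management and clarified governance. By making an appropriate transition to CSF 2.0, organizations gain the following...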
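In 2015, the U.S. National Institute of Standards and Technology (NIST) published NIST Special Publication 800-161, "Supply Chain Risk Management Practices for Federal Information Systems and Organizations", which gives organizations at every level of U.S. federal agencies guidance on identifying, assessing and mitigating information and communications technology (ICT) supply chain risk. By adopting a multi-tiered approach specific to supply chain risk management (SCRM), the publication integrates SCRM into federal agencies'...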