NET-01.1: Zero Trust Architecture (ZTA)

NET-01.1 · Zero Trust Architecture (ZTA)

Control Description

Mechanisms exist to treat all users and devices as potential threats and prevent access to data and resources until the users can be properly authenticated and their access authorized.

Control Question

Assessment question for control validation

Does the organization treat all users and devices as potential threats and prevent access to data and resources until the users can be properly authenticated and their access authorized?

Control Weighting

Validation Cadence

Annual

NIST CSF Function

Protect

Supply Chain Risk Management (SCRM) Tiers

Applicable SCRM tier levels for this control

Tier 1 - Strategic

Tier 2 - Operational

Tier 3 - Tactical