Federal Cybersecurity

Josef Kamara, CPA, CISSP, CISA · Updated May 6, 2026 · 1 minute read

NIST SP 800-207

NIST Special Publication 800-207, "Zero Trust Architecture", published August 2020 by the NIST Computer Security Division. The publication is the federal canonical definition of zero trust: an architecture that assumes no implicit trust based on network location and instead authenticates and authorizes every access request based on the identity, the device posture, and the resource sensitivity at the moment of the request. SP 800-207 introduces the Policy Decision Point and Policy Enforcement Point reference model that CISA Zero Trust Maturity Model and OMB Memorandum M-22-09 build on.

The Authority Brief

One compliance analysis per week from Josef Kamara, CPA, CISSP, CISA. Federal and private compliance, written for practitioners.