Since writing my last article for IDPro on zero trust, the NSA went and put out their own guidance on zero trust (Which is actually pretty solid). I wrote a bunch on trying to compare the two- they’re a lot more alike than I anticipated, and I suppose that’s a good thing. It really feels like the US government has (Collectively) come out swinging on this topic, and I don’t think this is a bad thing at all.
You can catch it on the IDPro website. As always, enjoy.
P.S.: I guess I should also note I’m on the editorial committee now for IDPro. I really enjoy being able to give something, anything back to an organization that is looking to make concepts and technologies that are otherwise difficult to understand (whether due to obscurity, complexity, novelty, or some other factor) approachable, and do so in a way that doesn’t favor one particular vendor or style of thinking necessarily.