Zero Trust Architecture in Healthcare Institutions
About: In this executive summary, we discuss the adoption of Zero‐Trust Architecture by an XYZ healthcare organization that currently has a security program in place. The intent of this summary is to provide a brief overview of what Zero‐Trust is; the benefits to an organization; and the considerations prior to adoption Definition: The National Institute of Standards and Technology (NIST) [1] defines Zero Trust Architecture (ZTA) as a security model and a cybersecurity and system management strategy that has been well coordinated with a baseline understanding of threats that exist both inside and outside the traditional network boundaries. To eliminate implicit trust in any one element, component, node, or service, and instead enforce continuous verification of the operational picture via real-time information from multiple sources, a zero-trust security model follows the concept of ‘never trust and always verify’. A ZTA model protects users, devices, network infrastructure, appli...