{"id":139688,"date":"2021-08-11T02:05:20","date_gmt":"2021-08-11T09:05:20","guid":{"rendered":"https:\/\/www.paloaltonetworks.com\/blog\/?p=139688"},"modified":"2021-08-11T02:05:20","modified_gmt":"2021-08-11T09:05:20","slug":"nist-nccoe-zero-trust-architecture","status":"publish","type":"post","link":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/2021\/08\/nist-nccoe-zero-trust-architecture\/?lang=zh-hant","title":{"rendered":"NIST \u9078\u64c7 Palo Alto Networks \u4f5c\u70ba\u96f6\u4fe1\u4efb\u67b6\u69cb\u5c08\u6848"},"content":{"rendered":"<p>2021 \u5e74 5 \u6708\u62dc\u767b\u653f\u5e9c<a href=\"https:\/\/www.whitehouse.gov\/briefing-room\/presidential-actions\/2021\/05\/12\/executive-order-on-improving-the-nations-cybersecurity\/\" rel=\"nofollow,noopener\" >\u300c\u6539\u5584\u570b\u5bb6\u7db2\u8def\u5b89\u5168\u6027\u300d\u884c\u653f\u547d\u4ee4<\/a>\u6982\u8ff0\u7f8e\u570b\u653f\u5e9c\u91dd\u5c0d\u5f37\u5316\u7db2\u8def\u9632\u79a6\u6240\u5fc5\u9808\u63a1\u53d6\u7684\u4e00\u7cfb\u5217\u884c\u52d5\u3002\u7279\u5225\u662f\u5176\u4e2d\u4e00\u9805\u689d\u6b3e\uff0c\u8981\u6c42\u90e8\u9580\u8207\u6a5f\u95dc\u958b\u767c\u4e00\u5957\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb (ZTA) \u7684\u7b56\u7565\uff0c\u9019\u4f5c\u70ba\u884c\u653f\u547d\u4ee4\u4e2d\u7684\u4e3b\u8981\u8a08\u5283\uff0c\u53ef\u80fd\u5df2\u7d93\u7372\u5f97\u5ee3\u6cdb\u7684\u95dc\u6ce8\u3002<\/p>\n<p>\u5118\u7ba1\u96f6\u4fe1\u4efb\u67b6\u69cb\u662f\u4e00\u500b\u95dc\u9375\u5b89\u5168\u6027\u6982\u5ff5\uff0c\u4f46\u5176\u5be6\u4f5c\u65b9\u9762\u4ecd\u672a\u7372\u5f97\u666e\u904d\u7684\u7406\u89e3\u3002\u70ba\u4e86\u5354\u52a9\u8655\u7406\u6b64\u5dee\u8ddd\u4e26\u652f\u63f4\u806f\u90a6\u653f\u5e9c\u7684\u96f6\u4fe1\u4efb\u65c5\u7a0b\uff0cPalo Alto Networks \u5f88\u69ae\u5e78\u7372\u9078\u70ba\u5354\u4f5c\u8005\uff0c\u8207\u570b\u5bb6\u6a19\u6e96\u8207\u6280\u8853\u7814\u7a76\u9662 (NIST) \u570b\u5bb6\u7db2\u8def\u5b89\u5168\u5353\u8d8a\u4e2d\u5fc3 (NCCoE) \u5c55\u958b\u5408\u4f5c\uff0c\u5171\u540c\u5b8c\u6210\u65b0\u555f\u52d5\u7684<a href=\"https:\/\/www.nccoe.nist.gov\/projects\/building-blocks\/zero-trust-architecture\" rel=\"nofollow,noopener\" >\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb<\/a>\u5c08\u6848\u3002Palo Alto Networks \u6280\u8853\u5c07\u90e8\u7f72\u81f3 NCCoE \u4e26\u958b\u767c\u5be6\u7528\u4e14\u5354\u4f5c\u7684\u65b9\u6cd5\uff0c\u85c9\u6b64\u8a2d\u8a08\u51fa\u7b26\u5408 <a href=\"https:\/\/nvlpubs.nist.gov\/nistpubs\/SpecialPublications\/NIST.SP.800-207.pdf\" rel=\"nofollow,noopener\" >NIST SP 800-207 \u96f6\u4fe1\u4efb\u67b6\u69cb<\/a>\u4e2d\u6240\u8a18\u8f09\u5b97\u65e8\u8207\u539f\u5247\u7684\u96f6\u4fe1\u4efb\u67b6\u69cb\u3002<\/p>\n<p>\u53d7\u5230\u75ab\u60c5\u5927\u6d41\u884c\u5f71\u97ff\u8f49\u8b8a\u70ba\u9060\u7aef\u5de5\u4f5c\u7684\u671f\u9593\uff0c\u653f\u5e9c\u7d44\u7e54\u660e\u986f\u52a0\u5feb\u6539\u7528\u96f2\u7aef\u7684\u6b65\u8abf\u3002\u6211\u5011\u73fe\u5728\u89c0\u5bdf\u5230\u6df7\u5408\u5f0f\u5de5\u4f5c\u51fa\u73fe\u65b0\u7684\u6f14\u9032\uff0c\u63a1\u7528\u96f6\u4fe1\u4efb\u67b6\u69cb\u7684\u9700\u6c42\u6709\u6240\u63d0\u5347\uff0c\u85c9\u4ee5\u78ba\u4fdd\u5be6\u73fe\u6240\u6709\u6578\u4f4d\u74b0\u5883\u4e2d\u4e00\u81f4\u7684\u5b89\u5168\u653f\u7b56\u57f7\u884c\u3002<\/p>\n<p>\u7db2\u8def\u8207\u96f2\u7aef\u4e2d\u6240\u9700\u7684\u5b89\u5168\u7b56\u7565\u5fc5\u9808\u5f9e\u5177\u5099\u53ef\u8996\u6027\u958b\u59cb\uff0c\u4e5f\u5c31\u662f\u5fc5\u9808\u80fd\u5920\u8b58\u5225\u4f01\u696d\u6574\u9ad4\u66b4\u9732\u7684 IT \u57fa\u790e\u7d50\u69cb\u4ee5\u53ca\u653b\u64ca\u7bc4\u570d\u3002<\/p>\n<p><a href=\"https:\/\/www.paloaltonetworks.com\/blog\/2021\/05\/time-for-zero-trust\/\">\u96f6\u4fe1\u4efb\u65b9\u6cd5<\/a>\u9700\u8981\u5f9e\u982d\u958b\u59cb\u8a2d\u8a08\u7684\u89e3\u6c7a\u65b9\u6848\uff0c\u85c9\u6b64\u6301\u7e8c\u4e14\u53ef\u9760\u5730\u8b58\u5225\u6240\u6709\u4f7f\u7528\u8005\u3001\u88dd\u7f6e\u8207\u61c9\u7528\u7a0b\u5f0f\uff0c\u800c\u4e0d\u8ad6\u5176\u4f4d\u7f6e\u5728\u4f55\u8655\u3002\u5982\u6b64\u53ef\u8b93\u653f\u5e9c IT \u5718\u968a\u5728\u6574\u500b\u6a5f\u69cb\u4e2d\u4e00\u81f4\u5730\u5957\u7528\u4ee5\u8108\u7d61\u70ba\u57fa\u790e\u7684\u653f\u7b56\uff0c\u900f\u904e\u6301\u7e8c\u9a57\u8b49\u5c0d\u6a5f\u69cb\u7db2\u8def\u8207\u6578\u64da\u7684\u5b58\u53d6\uff0c\u5f9e\u800c\u78ba\u4fdd\u6578\u4f4d\u8f49\u578b\u7684\u5b89\u5168\u6027\u3002\u4f8b\u5982 User-ID\u3001App-ID\u3001Device-ID \u8207\u4ee5\u653f\u7b56\u70ba\u57fa\u790e\u7684\u9a57\u8b49\u7b49\u529f\u80fd\uff0c\u5c07\u5354\u52a9\u6a5f\u69cb\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb\uff0c\u9032\u800c\u5354\u52a9\u4fdd\u8b77\u7db2\u8def\u8207\u4f7f\u7528\u8005\u3002<\/p>\n<p>\u884c\u653f\u547d\u4ee4\u5f37\u8abf\u4e86\u5229\u7528 NIST \u6240\u958b\u767c\u7684\u6a19\u6e96\u8207\u6307\u5c0e\uff0c\u5728\u6240\u6709\u806f\u90a6\u7db2\u8def\u8207\u96f2\u7aef\u74b0\u5883\u4e2d\u5be6\u4f5c\u96f6\u4fe1\u4efb\u7684\u91cd\u8981\u6027\u3002\u5728\u76ee\u524d\u6b63\u5728\u5efa\u7acb\u7684 NIST\/NCCoE \u5be6\u9a57\u5ba4\u74b0\u5883\u4e2d\uff0cPalo Alto Networks \u6280\u8853\u80fd\u5920\u8655\u7406 NCCoE \u9ad8\u968e\u6982\u5ff5\u6027\u96f6\u4fe1\u4efb\u67b6\u69cb\u7684\u6240\u6709\u6838\u5fc3 (\u653f\u7b56\u57f7\u884c\u9ede\u3001\u653f\u7b56\u5f15\u64ce\u3001\u653f\u7b56\u7ba1\u7406\u54e1) \u8207\u529f\u80fd\u5143\u4ef6 (\u6578\u64da\u5b89\u5168\u3001\u7aef\u9ede\u5b89\u5168\u3001\u8eab\u5206\u548c\u5b58\u53d6\u7ba1\u7406\u3001\u5b89\u5168\u5206\u6790)\u3002<\/p>\n<p>\u4e94\u5e74\u591a\u4ee5\u4f86\uff0cPalo Alto Networks \u5df2\u5efa\u7acb\u76f8\u95dc\u6280\u8853\uff0c\u6301\u7e8c\u5354\u52a9\u4f01\u696d\u5728\u5176\u7db2\u8def\u8207\u96f2\u7aef\u74b0\u5883\u4e2d\u5be6\u4f5c\u96f6\u4fe1\u4efb\u3002\u96a8\u8457\u884c\u653f\u547d\u4ee4\u73fe\u5728\u5c07\u570b\u5bb6\u7684\u6ce8\u610f\u529b\u96c6\u4e2d\u5728\u96f6\u4fe1\u4efb\uff0c\u6211\u5011\u5f88\u69ae\u5e78\u5c07\u5be6\u969b\u7d93\u9a57\u8207\u5c08\u696d\u77e5\u8b58\u5e36\u5165 NCCoE \u7684\u96f6\u4fe1\u4efb\u67b6\u69cb\u5c08\u6848\uff0c\u4e26\u9032\u4e00\u6b65\u627f\u8afe\u63d0\u4f9b\u806f\u90a6\u6a5f\u69cb\u4fdd\u8b77\u5176\u95dc\u9375\u4efb\u52d9\u6240\u9700\u7684\u76f8\u95dc\u6307\u5c0e\u8207\u5de5\u5177\u3002<\/p>\n","protected":false},"excerpt":{"rendered":"<p>2021 \u5e74 5 \u6708\u62dc\u767b\u653f\u5e9c\u300c\u6539\u5584\u570b\u5bb6\u7db2\u8def\u5b89\u5168\u6027\u300d\u884c\u653f\u547d\u4ee4\u6982\u8ff0\u7f8e\u570b\u653f\u5e9c\u91dd\u5c0d\u5f37\u5316\u7db2\u8def\u9632\u79a6\u6240\u5fc5\u9808\u63a1\u53d6\u7684\u4e00\u7cfb\u5217\u884c\u52d5\u3002\u7279\u5225\u662f\u5176\u4e2d\u4e00\u9805\u689d\u6b3e\uff0c\u8981\u6c42\u90e8\u9580\u8207\u6a5f\u95dc\u958b\u767c\u4e00\u5957\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb (ZTA) \u7684\u7b56\u7565\uff0c\u9019\u4f5c\u70ba\u884c\u653f\u547d\u4ee4\u4e2d\u7684\u4e3b\u8981\u8a08\u5283\uff0c\u53ef\u80fd\u5df2\u7d93\u7372\u5f97\u5ee3\u6cdb\u7684\u95dc\u6ce8\u3002 \u5118\u7ba1\u96f6\u4fe1\u4efb\u67b6\u69cb\u662f\u4e00\u500b\u95dc\u9375\u5b89\u5168\u6027\u6982\u5ff5\uff0c\u4f46\u5176\u5be6\u4f5c\u65b9\u9762\u4ecd\u672a\u7372\u5f97\u666e\u904d\u7684\u7406\u89e3\u3002\u70ba\u4e86\u5354\u52a9\u8655\u7406\u6b64\u5dee\u8ddd\u4e26\u652f\u63f4\u806f\u90a6\u653f\u5e9c\u7684\u96f6\u4fe1\u4efb\u65c5\u7a0b\uff0cPalo Alto Networks \u5f88\u69ae\u5e78\u7372\u9078\u70ba\u5354\u4f5c\u8005\uff0c\u8207\u570b\u5bb6\u6a19\u6e96\u8207\u6280\u8853\u7814\u7a76\u9662 (NIST) \u570b\u5bb6\u7db2\u8def\u5b89\u5168\u5353\u8d8a\u4e2d\u5fc3 (NCCoE) \u5c55\u958b\u5408\u4f5c\uff0c\u5171\u540c\u5b8c\u6210\u65b0\u555f\u52d5\u7684\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb\u5c08\u6848\u3002Palo Alto Networks \u6280\u8853\u5c07\u90e8\u7f72\u81f3 NCCoE \u4e26\u958b\u767c\u5be6\u7528\u4e14\u5354\u4f5c\u7684\u65b9\u6cd5\uff0c\u85c9\u6b64\u8a2d\u8a08\u51fa\u7b26\u5408 NIST SP 800-207 \u96f6\u4fe1\u4efb\u67b6\u69cb\u4e2d\u6240\u8a18\u8f09\u5b97\u65e8\u8207\u539f\u5247\u7684\u96f6\u4fe1\u4efb\u67b6\u69cb\u3002 \u53d7\u5230\u75ab\u60c5\u5927\u6d41\u884c\u5f71\u97ff\u8f49\u8b8a\u70ba\u9060\u7aef\u5de5\u4f5c\u7684\u671f\u9593\uff0c\u653f\u5e9c\u7d44\u7e54\u660e\u986f\u52a0\u5feb\u6539\u7528\u96f2\u7aef\u7684\u6b65\u8abf\u3002\u6211\u5011\u73fe\u5728\u89c0\u5bdf\u5230\u6df7\u5408\u5f0f\u5de5\u4f5c\u51fa\u73fe\u65b0\u7684\u6f14\u9032\uff0c\u63a1\u7528\u96f6\u4fe1\u4efb\u67b6\u69cb\u7684\u9700\u6c42\u6709\u6240\u63d0\u5347\uff0c\u85c9\u4ee5\u78ba\u4fdd\u5be6\u73fe\u6240\u6709\u6578\u4f4d\u74b0\u5883\u4e2d\u4e00\u81f4\u7684\u5b89\u5168\u653f\u7b56\u57f7\u884c\u3002 \u7db2\u8def\u8207\u96f2\u7aef\u4e2d\u6240\u9700\u7684\u5b89\u5168\u7b56\u7565\u5fc5\u9808\u5f9e\u5177\u5099\u53ef\u8996\u6027\u958b\u59cb\uff0c\u4e5f\u5c31\u662f\u5fc5\u9808\u80fd\u5920\u8b58\u5225\u4f01\u696d\u6574\u9ad4\u66b4\u9732\u7684 IT \u57fa\u790e\u7d50\u69cb\u4ee5\u53ca\u653b\u64ca\u7bc4\u570d\u3002 \u96f6\u4fe1\u4efb\u65b9\u6cd5\u9700\u8981\u5f9e\u982d\u958b\u59cb\u8a2d\u8a08\u7684\u89e3\u6c7a\u65b9\u6848\uff0c\u85c9\u6b64\u6301\u7e8c\u4e14\u53ef\u9760\u5730\u8b58\u5225\u6240\u6709\u4f7f\u7528\u8005\u3001\u88dd\u7f6e\u8207\u61c9\u7528\u7a0b\u5f0f\uff0c\u800c\u4e0d\u8ad6\u5176\u4f4d\u7f6e\u5728\u4f55\u8655\u3002\u5982\u6b64\u53ef\u8b93\u653f\u5e9c IT \u5718\u968a\u5728\u6574\u500b\u6a5f\u69cb\u4e2d\u4e00\u81f4\u5730\u5957\u7528\u4ee5\u8108\u7d61\u70ba\u57fa\u790e\u7684\u653f\u7b56\uff0c\u900f\u904e\u6301\u7e8c\u9a57\u8b49\u5c0d\u6a5f\u69cb\u7db2\u8def\u8207\u6578\u64da\u7684\u5b58\u53d6\uff0c\u5f9e\u800c\u78ba\u4fdd\u6578\u4f4d\u8f49\u578b\u7684\u5b89\u5168\u6027\u3002\u4f8b\u5982 User-ID\u3001App-ID\u3001Device-ID \u8207\u4ee5\u653f\u7b56\u70ba\u57fa\u790e\u7684\u9a57\u8b49\u7b49\u529f\u80fd\uff0c\u5c07\u5354\u52a9\u6a5f\u69cb\u5be6\u4f5c\u96f6\u4fe1\u4efb\u67b6\u69cb\uff0c\u9032\u800c\u5354\u52a9\u4fdd\u8b77\u7db2\u8def\u8207\u4f7f\u7528\u8005\u3002 &hellip;<\/p>\n","protected":false},"author":129,"featured_media":138894,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[3543],"tags":[],"coauthors":[1179],"class_list":["post-139688","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-3543"],"jetpack_featured_media_url":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-content\/uploads\/2021\/07\/Looking-Closely-1.jpg","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/139688","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/users\/129"}],"replies":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/comments?post=139688"}],"version-history":[{"count":2,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/139688\/revisions"}],"predecessor-version":[{"id":139690,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/posts\/139688\/revisions\/139690"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media\/138894"}],"wp:attachment":[{"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/media?parent=139688"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/categories?post=139688"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/tags?post=139688"},{"taxonomy":"author","embeddable":true,"href":"https:\/\/origin-researchcenter.paloaltonetworks.com\/blog\/wp-json\/wp\/v2\/coauthors?post=139688"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}