What standard should a cloud engineer reference for designing a zero trust architecture?

The standard that a cloud engineer should reference for designing a zero trust architecture is NIST 800-207. This document specifically outlines the principles and components necessary for implementing a zero trust security model. It provides a framework that emphasizes not trusting any entity by default, whether inside or outside the network perimeter, and encourages continuous verification of all access requests.

NIST 800-207 lays out a comprehensive approach to achieving a zero trust architecture, focusing on the need for strong authentication, rigorous access controls, and the use of monitoring and analytics to detect and respond to security threats. This makes it highly relevant for cloud environments, where traditional perimeter-based defenses may be insufficient.

In contrast, the other standards listed provide valuable insights but do not specifically cater to the zero trust model. For instance, NIST 800-53 focuses on general security and privacy controls across various systems, and NIST 800-61 deals with incident handling and response, which, while crucial, are not centered on the design principles of zero trust. Therefore, NIST 800-207 is the most appropriate reference for designing a zero trust architecture in cloud environments.