[](https://www.paloaltonetworks.com/?ts=markdown) * Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get Support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) ![x close icon to close mobile navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/x-black.svg) [![Palo Alto Networks logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg)](https://www.paloaltonetworks.com/?ts=markdown) ![magnifying glass search icon to open search field](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/search-black.svg) * [](https://www.paloaltonetworks.com/?ts=markdown) * Products ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Products [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [AI Security](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise Device Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical Device Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [OT Device Security](https://www.paloaltonetworks.com/network-security/ot-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex AgentiX](https://www.paloaltonetworks.com/cortex/agentix?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Exposure Management](https://www.paloaltonetworks.com/cortex/exposure-management?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Cortex Advanced Email Security](https://www.paloaltonetworks.com/cortex/advanced-email-security?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Unit 42 Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Solutions ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Solutions Secure AI by Design * [Secure AI Ecosystem](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [Secure GenAI Usage](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) Network Security * [Cloud Network Security](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Data Center Security](https://www.paloaltonetworks.com/network-security/data-center?ts=markdown) * [DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Intrusion Detection and Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Device Security](https://www.paloaltonetworks.com/network-security/device-security?ts=markdown) * [OT Security](https://www.paloaltonetworks.com/network-security/ot-security-solution?ts=markdown) * [5G Security](https://www.paloaltonetworks.com/network-security/5g-security?ts=markdown) * [Secure All Apps, Users and Locations](https://www.paloaltonetworks.com/sase/secure-users-data-apps-devices?ts=markdown) * [Secure Branch Transformation](https://www.paloaltonetworks.com/sase/secure-branch-transformation?ts=markdown) * [Secure Work on Any Device](https://www.paloaltonetworks.com/sase/secure-work-on-any-device?ts=markdown) * [VPN Replacement](https://www.paloaltonetworks.com/sase/vpn-replacement-for-secure-remote-access?ts=markdown) * [Web \& Phishing Security](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) Cloud Security * [Application Security Posture Management (ASPM)](https://www.paloaltonetworks.com/cortex/cloud/application-security-posture-management?ts=markdown) * [Software Supply Chain Security](https://www.paloaltonetworks.com/cortex/cloud/software-supply-chain-security?ts=markdown) * [Code Security](https://www.paloaltonetworks.com/cortex/cloud/code-security?ts=markdown) * [Cloud Security Posture Management (CSPM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-security-posture-management?ts=markdown) * [Cloud Infrastructure Entitlement Management (CIEM)](https://www.paloaltonetworks.com/cortex/cloud/cloud-infrastructure-entitlement-management?ts=markdown) * [Data Security Posture Management (DSPM)](https://www.paloaltonetworks.com/cortex/cloud/data-security-posture-management?ts=markdown) * [AI Security Posture Management (AI-SPM)](https://www.paloaltonetworks.com/cortex/cloud/ai-security-posture-management?ts=markdown) * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Cloud Workload Protection (CWP)](https://www.paloaltonetworks.com/cortex/cloud/cloud-workload-protection?ts=markdown) * [Web Application \& API Security (WAAS)](https://www.paloaltonetworks.com/cortex/cloud/web-app-api-security?ts=markdown) Security Operations * [Cloud Detection \& Response](https://www.paloaltonetworks.com/cortex/cloud-detection-and-response?ts=markdown) * [Security Information and Event Management](https://www.paloaltonetworks.com/cortex/modernize-siem?ts=markdown) * [Network Security Automation](https://www.paloaltonetworks.com/cortex/network-security-automation?ts=markdown) * [Incident Case Management](https://www.paloaltonetworks.com/cortex/incident-case-management?ts=markdown) * [SOC Automation](https://www.paloaltonetworks.com/cortex/security-operations-automation?ts=markdown) * [Threat Intel Management](https://www.paloaltonetworks.com/cortex/threat-intel-management?ts=markdown) * [Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Attack Surface Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/attack-surface-management?ts=markdown) * [Compliance Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/compliance-management?ts=markdown) * [Internet Operations Management](https://www.paloaltonetworks.com/cortex/cortex-xpanse/internet-operations-management?ts=markdown) * [Extended Data Lake (XDL)](https://www.paloaltonetworks.com/cortex/cortex-xdl?ts=markdown) * [Agentic Assistant](https://www.paloaltonetworks.com/cortex/cortex-agentic-assistant?ts=markdown) Endpoint Security * [Endpoint Protection](https://www.paloaltonetworks.com/cortex/endpoint-protection?ts=markdown) * [Extended Detection \& Response](https://www.paloaltonetworks.com/cortex/detection-and-response?ts=markdown) * [Ransomware Protection](https://www.paloaltonetworks.com/cortex/ransomware-protection?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/cortex/digital-forensics?ts=markdown) [Industries](https://www.paloaltonetworks.com/industry?ts=markdown) * [Public Sector](https://www.paloaltonetworks.com/industry/public-sector?ts=markdown) * [Financial Services](https://www.paloaltonetworks.com/industry/financial-services?ts=markdown) * [Manufacturing](https://www.paloaltonetworks.com/industry/manufacturing?ts=markdown) * [Healthcare](https://www.paloaltonetworks.com/industry/healthcare?ts=markdown) * [Small \& Medium Business Solutions](https://www.paloaltonetworks.com/industry/small-medium-business-portfolio?ts=markdown) [![](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/cyberark/Seamless_IDs_small.jpg) Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) * Services ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Services [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Assess](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [AI Security Assessment](https://www.paloaltonetworks.com/unit42/assess/ai-security-assessment?ts=markdown) * [Attack Surface Assessment](https://www.paloaltonetworks.com/unit42/assess/attack-surface-assessment?ts=markdown) * [Breach Readiness Review](https://www.paloaltonetworks.com/unit42/assess/breach-readiness-review?ts=markdown) * [BEC Readiness Assessment](https://www.paloaltonetworks.com/bec-readiness-assessment?ts=markdown) * [Cloud Security Assessment](https://www.paloaltonetworks.com/unit42/assess/cloud-security-assessment?ts=markdown) * [Compromise Assessment](https://www.paloaltonetworks.com/unit42/assess/compromise-assessment?ts=markdown) * [Cyber Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/cyber-risk-assessment?ts=markdown) * [M\&A Cyber Due Diligence](https://www.paloaltonetworks.com/unit42/assess/mergers-acquisitions-cyber-due-diligence?ts=markdown) * [Penetration Testing](https://www.paloaltonetworks.com/unit42/assess/penetration-testing?ts=markdown) * [Purple Team Exercises](https://www.paloaltonetworks.com/unit42/assess/purple-teaming?ts=markdown) * [Ransomware Readiness Assessment](https://www.paloaltonetworks.com/unit42/assess/ransomware-readiness-assessment?ts=markdown) * [SOC Assessment](https://www.paloaltonetworks.com/unit42/assess/soc-assessment?ts=markdown) * [Supply Chain Risk Assessment](https://www.paloaltonetworks.com/unit42/assess/supply-chain-risk-assessment?ts=markdown) * [Tabletop Exercises](https://www.paloaltonetworks.com/unit42/assess/tabletop-exercise?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Respond](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Cloud Incident Response](https://www.paloaltonetworks.com/unit42/respond/cloud-incident-response?ts=markdown) * [Digital Forensics](https://www.paloaltonetworks.com/unit42/respond/digital-forensics?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond/incident-response?ts=markdown) * [Managed Detection and Response](https://www.paloaltonetworks.com/unit42/respond/managed-detection-response?ts=markdown) * [Managed Threat Hunting](https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Unit 42 Retainer](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * [Transform](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [IR Plan Development and Review](https://www.paloaltonetworks.com/unit42/transform/incident-response-plan-development-review?ts=markdown) * [Security Program Design](https://www.paloaltonetworks.com/unit42/transform/security-program-design?ts=markdown) * [Virtual CISO](https://www.paloaltonetworks.com/unit42/transform/vciso?ts=markdown) * [Zero Trust Advisory](https://www.paloaltonetworks.com/unit42/transform/zero-trust-advisory?ts=markdown) [Global Customer Services](https://www.paloaltonetworks.com/services?ts=markdown) * [Education \& Training](https://www.paloaltonetworks.com/services/education?ts=markdown) * [Professional Services](https://www.paloaltonetworks.com/services/consulting?ts=markdown) * [Success Tools](https://www.paloaltonetworks.com/services/customer-success-tools?ts=markdown) * [Support Services](https://www.paloaltonetworks.com/services/solution-assurance?ts=markdown) * [Customer Success](https://www.paloaltonetworks.com/services/customer-success?ts=markdown) [![](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/logo-unit-42.svg) UNIT 42 RETAINER Custom-built to fit your organization's needs, you can choose to allocate your retainer hours to any of our offerings, including proactive cyber risk management services. Learn how you can put the world-class Unit 42 Incident Response team on speed dial. Learn more](https://www.paloaltonetworks.com/unit42/retainer?ts=markdown) * Partners ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Partners NextWave Partners * [NextWave Partner Community](https://www.paloaltonetworks.com/partners?ts=markdown) * [Cloud Service Providers](https://www.paloaltonetworks.com/partners/nextwave-for-csp?ts=markdown) * [Global Systems Integrators](https://www.paloaltonetworks.com/partners/nextwave-for-gsi?ts=markdown) * [Technology Partners](https://www.paloaltonetworks.com/partners/technology-partners?ts=markdown) * [Service Providers](https://www.paloaltonetworks.com/partners/service-providers?ts=markdown) * [Solution Providers](https://www.paloaltonetworks.com/partners/nextwave-solution-providers?ts=markdown) * [Managed Security Service Providers](https://www.paloaltonetworks.com/partners/managed-security-service-providers?ts=markdown) * [XMDR Partners](https://www.paloaltonetworks.com/partners/managed-security-service-providers/xmdr?ts=markdown) Take Action * [Portal Login](https://www.paloaltonetworks.com/partners/nextwave-partner-portal?ts=markdown) * [Managed Services Program](https://www.paloaltonetworks.com/partners/managed-security-services-provider-program?ts=markdown) * [Become a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=becomepartner) * [Request Access](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerregistration?type=requestaccess) * [Find a Partner](https://paloaltonetworks.my.site.com/NextWavePartnerProgram/s/partnerlocator) [CYBERFORCE CYBERFORCE represents the top 1% of partner engineers trusted for their security expertise. Learn more](https://www.paloaltonetworks.com/cyberforce?ts=markdown) * Company ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Company Palo Alto Networks * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Management Team](https://www.paloaltonetworks.com/about-us/management?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com) * [Locations](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Ethics \& Compliance](https://www.paloaltonetworks.com/company/ethics-and-compliance?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Military \& Veterans](https://jobs.paloaltonetworks.com/military) [Why Palo Alto Networks?](https://www.paloaltonetworks.com/why-paloaltonetworks?ts=markdown) * [Precision AI Security](https://www.paloaltonetworks.com/precision-ai-security?ts=markdown) * [Our Platform Approach](https://www.paloaltonetworks.com/why-paloaltonetworks/platformization?ts=markdown) * [Accelerate Your Cybersecurity Transformation](https://www.paloaltonetworks.com/why-paloaltonetworks/nam-cxo-portfolio?ts=markdown) * [Awards \& Recognition](https://www.paloaltonetworks.com/about-us/awards?ts=markdown) * [Customer Stories](https://www.paloaltonetworks.com/customers?ts=markdown) * [Global Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Trust 360 Program](https://www.paloaltonetworks.com/resources/whitepapers/trust-360?ts=markdown) Careers * [Overview](https://jobs.paloaltonetworks.com/) * [Culture \& Benefits](https://jobs.paloaltonetworks.com/en/culture/) [A Newsweek Most Loved Workplace "Businesses that do right by their employees" Read more](https://www.paloaltonetworks.com/company/press/2021/palo-alto-networks-secures-top-ranking-on-newsweek-s-most-loved-workplaces-list-for-2021?ts=markdown) * More ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) More Resources * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Unit 42 Threat Research](https://unit42.paloaltonetworks.com/) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Tech Insider](https://techinsider.paloaltonetworks.com/) * [Knowledge Base](https://knowledgebase.paloaltonetworks.com/) * [Palo Alto Networks TV](https://tv.paloaltonetworks.com/) * [Perspectives of Leaders](https://www.paloaltonetworks.com/perspectives/?ts=markdown) * [Cyber Perspectives Magazine](https://www.paloaltonetworks.com/cybersecurity-perspectives/cyber-perspectives-magazine?ts=markdown) * [Regional Cloud Locations](https://www.paloaltonetworks.com/products/regional-cloud-locations?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Security Posture Assessment](https://www.paloaltonetworks.com/security-posture-assessment?ts=markdown) * [Threat Vector Podcast](https://unit42.paloaltonetworks.com/unit-42-threat-vector-podcast/) * [Packet Pushers Podcasts](https://www.paloaltonetworks.com/podcasts/packet-pusher?ts=markdown) Connect * [LIVE community](https://live.paloaltonetworks.com/) * [Events](https://events.paloaltonetworks.com/) * [Executive Briefing Center](https://www.paloaltonetworks.com/about-us/executive-briefing-program?ts=markdown) * [Demos](https://www.paloaltonetworks.com/demos?ts=markdown) * [Contact us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) [Blog Stay up-to-date on industry trends and the latest innovations from the world's largest cybersecurity Learn more](https://www.paloaltonetworks.com/blog/) * Sign In ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Sign In * Customer * Partner * Employee * [Login to download](https://www.paloaltonetworks.com/login?ts=markdown) * [Join us to become a member](https://www.paloaltonetworks.com/login?screenToRender=traditionalRegistration&ts=markdown) * EN ![black arrow pointing left to go back to main navigation](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/arrow-right-black.svg) Language * [USA (ENGLISH)](https://www.paloaltonetworks.com) * [AUSTRALIA (ENGLISH)](https://www.paloaltonetworks.com.au) * [BRAZIL (PORTUGUÉS)](https://www.paloaltonetworks.com.br) * [CANADA (ENGLISH)](https://www.paloaltonetworks.ca) * [CHINA (简体中文)](https://www.paloaltonetworks.cn) * [FRANCE (FRANÇAIS)](https://www.paloaltonetworks.fr) * [GERMANY (DEUTSCH)](https://www.paloaltonetworks.de) * [INDIA (ENGLISH)](https://www.paloaltonetworks.in) * [ITALY (ITALIANO)](https://www.paloaltonetworks.it) * [JAPAN (日本語)](https://www.paloaltonetworks.jp) * [KOREA (한국어)](https://www.paloaltonetworks.co.kr) * [LATIN AMERICA (ESPAÑOL)](https://www.paloaltonetworks.lat) * [MEXICO (ESPAÑOL)](https://www.paloaltonetworks.com.mx) * [SINGAPORE (ENGLISH)](https://www.paloaltonetworks.sg) * [SPAIN (ESPAÑOL)](https://www.paloaltonetworks.es) * [TAIWAN (繁體中文)](https://www.paloaltonetworks.tw) * [UK (ENGLISH)](https://www.paloaltonetworks.co.uk) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [What's New](https://www.paloaltonetworks.com/resources?ts=markdown) * [Get support](https://support.paloaltonetworks.com/SupportAccount/MyAccount) * [Under Attack?](https://start.paloaltonetworks.com/contact-unit42.html) * [Demos and Trials](https://www.paloaltonetworks.com/get-started?ts=markdown) Search All * [Tech Docs](https://docs.paloaltonetworks.com/search) Close search modal [Deploy Bravely --- Secure your AI transformation with Prisma AIRS](https://www.paloaltonetworks.com/deploybravely?ts=markdown) [](https://www.paloaltonetworks.com/?ts=markdown) 1. [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) 2. [Identity Security](https://www.paloaltonetworks.com/cyberpedia/identity-security?ts=markdown) 3. [Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) 4. [What Is the NIST SP 800-207 Framework?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207?ts=markdown) Table of Contents * [What Is Modern IGA? Identity Governance Guide](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga?ts=markdown) * [Modern IGA Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#explained?ts=markdown) * [The Evolution of Identity Governance: From Legacy to Modern](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#evolution?ts=markdown) * [Core Mechanisms: How Modern IGA Functions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#core?ts=markdown) * [Key Benefits for the Modern Security Stack](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#key?ts=markdown) * [Addressing the Non-Human Identity (NHI) Challenge](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#challenge?ts=markdown) * [Modern IGA Challenges and Practical Solutions](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#solutions?ts=markdown) * [Modern IGA FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-modern-identity-governance-administration-iga#faqs?ts=markdown) * [What Is Identity Governance and Administration?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown) * [Identity Governance and Administration (IGA) Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#identity?ts=markdown) * [Core Pillars of Identity Governance and Administration](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#core?ts=markdown) * [Why IGA Is Critical for Modern Enterprises](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#why?ts=markdown) * [Business-Level Outcomes of IGA](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#business?ts=markdown) * [Implementation Steps for an IGA Program](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#implementation?ts=markdown) * [IGA and the Zero Trust Security Model](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#model?ts=markdown) * [Operational Challenges and Attack Containment Behavior](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#operaitonal?ts=markdown) * [Identity Governance and Administration (IGA) FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga#faqs?ts=markdown) * [What Is Identity Lifecycle Management?](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management?ts=markdown) * [Identity Lifecycle Management Explained](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#explained?ts=markdown) * [The Four Pillars of Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#pillars?ts=markdown) * [Strategic Benefits: Why ILM Is a Cybersecurity Necessity](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#benefits?ts=markdown) * [Real-World Use Cases for Identity Lifecycle Management](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#use-cases?ts=markdown) * [Disrupting Attackers](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#disrupting-attackers?ts=markdown) * [Modernizing ILM: Just-in-Time Access and Non-Standing](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#modernizing-ilm?ts=markdown) * [Privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#privilege?ts=markdown) * [Critical Challenges and Solutions in Modern ILM Implementation](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#challenges?ts=markdown) * [ILM vs. IAM](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#ilm-vs-iam?ts=markdown) * [Identity Lifecycle Management FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management#faqs?ts=markdown) * What Is NIST SP 800-207? zero trust Architecture Framework * [What Does NIST SP 800-207 Compliance Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#what?ts=markdown) * [Why NIST SP 800-207 Matters Today](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#why?ts=markdown) * [NIST Zero Trust Tenets](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#nist?ts=markdown) * [Zero Trust Architecture Components](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#components?ts=markdown) * [What Signals Inform A Trust Decision?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#decision?ts=markdown) * [How Trust Decisions Typically Work](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#how?ts=markdown) * [Common Zero Trust Deployment Models](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#models?ts=markdown) * [Benefits And Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#benefits?ts=markdown) * [Practical Implementation Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#practical?ts=markdown) * [NIST SP 800-207 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#faqs?ts=markdown) # What Is the NIST SP 800-207 Framework? 3 min. read [Explore Identity Security](https://www.paloaltonetworks.com/identity-security?ts=markdown) Table of Contents * * [What Does NIST SP 800-207 Compliance Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#what?ts=markdown) * [Why NIST SP 800-207 Matters Today](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#why?ts=markdown) * [NIST Zero Trust Tenets](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#nist?ts=markdown) * [Zero Trust Architecture Components](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#components?ts=markdown) * [What Signals Inform A Trust Decision?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#decision?ts=markdown) * [How Trust Decisions Typically Work](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#how?ts=markdown) * [Common Zero Trust Deployment Models](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#models?ts=markdown) * [Benefits And Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#benefits?ts=markdown) * [Practical Implementation Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#practical?ts=markdown) * [NIST SP 800-207 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#faqs?ts=markdown) 1. What Does NIST SP 800-207 Compliance Mean? * * [What Does NIST SP 800-207 Compliance Mean?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#what?ts=markdown) * [Why NIST SP 800-207 Matters Today](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#why?ts=markdown) * [NIST Zero Trust Tenets](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#nist?ts=markdown) * [Zero Trust Architecture Components](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#components?ts=markdown) * [What Signals Inform A Trust Decision?](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#decision?ts=markdown) * [How Trust Decisions Typically Work](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#how?ts=markdown) * [Common Zero Trust Deployment Models](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#models?ts=markdown) * [Benefits And Challenges](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#benefits?ts=markdown) * [Practical Implementation Checklist](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#practical?ts=markdown) * [NIST SP 800-207 FAQs](https://www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207#faqs?ts=markdown) NIST SP 800-207 defines zero trust architecture (ZTA), guiding organizations in its design and migration. It moves security from "trusted internal network" assumptions to resource-centric protection. Every access request is evaluated using identity as the core control, augmented by device posture and context, and enforced near the resource. Because most modern attacks exploit compromised identities, SP 800-207 emphasizes continuous validation of who or what is requesting access, not where the request originates. Key Points * **Architecture Guidance**: NIST SP 800-207 defines the core concepts and building blocks of zero trust architecture (ZTA) and how to adopt them over time. \* **Resource-First Security**: ZTA focuses on protecting resources (applications, services, data) rather than relying on a perimeter-based trust model. \* **Dynamic Policy Decisions**: Access decisions can incorporate identity assurance strength, privilege level, device posture, behavior signals, and environmental context. \* **Enforcement Near Resources**: Policy decisions must translate into real enforcement through well-placed controls that allow, limit, or terminate sessions. \* **Identity-Driven Outcomes**: ZTA relies on strong identity assurance, governance of all identity types (human and machine), and least privilege controls to reduce the blast radius of credential compromise. \* **Privileged Access Focus**: High‑risk, high‑impact identities (administrators, service accounts, and machine identities) require stronger controls and continuous monitoring. ## What Does NIST SP 800-207 Compliance Mean? While [NIST SP 800-207 (CSRC)](https://csrc.nist.gov/pubs/sp/800/207/final) is guidance, not a formal certification, organizations claiming "SP 800-207 compliance" generally indicate that their security architecture adheres to the [zero trust architecture (ZTA)](https://nvlpubs.nist.gov/nistpubs/specialpublications/NIST.SP.800-207.pdf) principles outlined in the publication. This alignment specifically focuses on: * **Policy-driven access and continuous verification** * **Strengthening the [identity security](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-security?ts=markdown) layer by** : * Enforcing strong authentication. * Eliminating standing privileges. * Protecting privileged access pathways. * Continuously monitoring identity behavior for potential misuse or compromise. In practice, "alignment" often centers on: * **Per-Session, Least-Privilege Access** : Apply [least privilege access](https://www.paloaltonetworks.com/cyberpedia/what-is-least-privilege-access?ts=markdown) (and the[principle of least privilege](https://www.paloaltonetworks.com/cyberpedia/what-is-the-principle-of-least-privilege?ts=markdown)) so users and services get only what they need, when they need it. * **Centralized Policy Decision Logic** : Make consistent access decisions using a policy decision function rather than "implicit trust" based on network location (see [What Is A zero trust Architecture?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown)). * **Consistent Enforcement**: Enforce access near the resource boundary (often using zero trust network access (ZTNA) patterns rather than broad network access). * **Continuous Monitoring And Policy Tuning** : Use telemetry to continuously verify trust, detect anomalies, and tune policies over time (strongly related to reducing [lateral movement](https://www.paloaltonetworks.com/cyberpedia/what-is-lateral-movement?ts=markdown)). * **​​[Identity Threat Detection and Response (ITDR)](https://www.paloaltonetworks.com/cyberpedia/identity-threat-detection-and-response-itdr?ts=markdown)**: Continuously analyze identity activity for anomalies, credential theft indicators, or unauthorized privilege escalation. If you're documenting alignment, you typically map your controls and architecture components to the ZTA decision and enforcement functions defined in NIST SP 800-207, and show how signals such as identity, device posture, and security telemetry influence access outcomes. ## Why NIST SP 800-207 Matters Today Organizations are under pressure to secure hybrid work, cloud services, and third-party access---without relying on network location as a proxy for trust. Identity is the most critical signal in zero trust, as data shows a significant link between compromised credentials and security breaches. [Unit 42 research](https://www.paloaltonetworks.com/blog/2024/08/incident-response-by-the-numbers?ts=markdown) found that previously compromised credentials were the initial access vector in 20.5% of their incident response investigations. This statistic aligns with the wider trend that identity-centric attacks, such as credential theft, session hijacking, and privilege escalation, are the primary drivers of modern [data breaches](https://www.paloaltonetworks.com/cyberpedia/data-breach?ts=markdown). The shift to cloud services and increased automation further expands the attack surface by proliferating [non-human identities](https://www.paloaltonetworks.com/cyberpedia/what-is-a-non-human-identity?ts=markdown), making comprehensive zero-trust controls essential for managing identity risk. And the impact isn't theoretical---Unit 42's [2025 Global Incident Response](https://www.paloaltonetworks.com/resources/research/unit-42-incident-response-report?ts=markdown) findings note that 86% of cyberattacks they responded to in 2024 caused direct business impact. ## NIST Zero Trust Tenets NIST outlines foundational tenets that are commonly translated into practical enterprise requirements: * Treat all data sources and computing services as resources. * Secure communications regardless of network location. * Grant per-session access to follow least-privilege, ensuring privileges are time‑bound and elevated only when necessary. * Determine access using dynamic policy informed by context, including identity assurance level, privilege level, [machine identity](https://www.paloaltonetworks.com/cyberpedia/what-is-machine-identity?ts=markdown) posture, and recent identity behavior. * Govern all identities, human and non‑human, with consistent policies and continuous verification. * Continuously monitor asset integrity and security posture. * Enforce [authentication and authorization](https://www.paloaltonetworks.com/cyberpedia/what-is-authentication-and-authorization?ts=markdown) dynamically. * Collect telemetry to improve security posture over time. ## Zero Trust Architecture Components Even though implementations vary, ZTA requires two things to be true: 1. Decisions are made consistently (policy decision), and 2. Those decisions are enforced consistently (policy enforcement). ### Core Components Table | **Component** | What It Does | **Why It Matters** | |------------------------------|-------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Policy Engine** | Evaluates policies, signals, and identity context to decide whether to allow, deny, or revoke access. | Centralizes decision-making so trust isn't implied by "being on the network." | | **Policy Administrator** | Executes the decision by creating, modifying, or terminating sessions. | Turns policy into real actions that can be audited and repeated. | | **Policy Enforcement Point** | Enforces access security between the requester and the resource; can monitor and terminate sessions. | Ensures policy is enforced where it counts---at the resource boundary or through gateways, identity-aware proxies, or session monitoring technologies that validate identity context throughout the interaction. | ***Table 1**: Core Components of a Zero Trust Architecture* ## What Signals Inform A Trust Decision? Zero trust decisions are only as good as the signals they're based on. Common inputs include: * **Identity Assurance**: authentication strength, user/service identity attributes, roles * **Privilege Level**: administrative vs. standard identity, sensitive roles, or elevated access requests. * **Machine Identity Behavior** : service account usage patterns, [workload identity](https://www.paloaltonetworks.com/cyberpedia/what-is-workload-identity?ts=markdown) integrity, and secrets exposure risk. * **Device Posture**: managed status, encryption, OS version, patch level, EDR presence * **Behavior Signals**: anomalous access patterns, impossible travel, unusual resource requests * **Resource Sensitivity**: data classification, business criticality, regulatory requirements * **Threat Signals**: known malicious IPs/domains, threat intel, observed attacker TTPs * **Session Context**: time, network conditions, location (as a signal---not a trust grant) ## How Trust Decisions Typically Work Most organizations implement decision logic in one of these patterns: * **Criteria-Based**: access is allowed only if required conditions are met (e.g., MFA + compliant device + approved app) * **Score-Based** : signals are weighted into a risk score; thresholds vary by resource sensitivity. In identity‑first approaches, identity risk scoring (changes in authentication characteristics, unusual privilege requests, or anomalous behavior) heavily influences the final access decision. And decisions may be: * **Singular**: evaluate each request independently * **Contextual**: include recent activity and historical behavior to detect low-and-slow misuse ## Common Zero Trust Deployment Models Different parts of the enterprise may use different ZTA patterns depending on app architecture and risk. | **Deployment Model** | **High-Level Idea** | **Best Fit When...** | |------------------------------|---------------------------------------------------------------------------------------------------------------------------------------|------------------------------------------------------------------------------------------------------------------------------------------------------------| | **Device Agent / Gateway** | Agent + gateway coordinate access enforcement | Strong device management; posture signals are reliable | | **Enclave-Based** | Gateway protects a group of systems behind a boundary | You're modernizing in phases or supporting legacy apps | | **Resource Portal** | The portal acts as the controlled entry point to resources | You need controlled access for partners/unmanaged endpoints | | **Application Sandboxing** | Access only happens through isolated/approved apps | You want containment to reduce the compromise impact | | **Overlay / SDP Approaches** | Software-defined access controls across networks | You're shifting enforcement closer to users and resources | | **Identity‑Mediated Access** | Identity is authenticated, authorized, elevated, and continuously validated before any network or application session is established. | You need fine-grained, identity-aware controls that govern human and machine identities consistently across cloud, on-prem, SaaS, and hybrid environments. | ***Table 2**: Common Zero Trust Deployment Models* ## Benefits And Challenges Moving toward zero trust Architecture (ZTA) (as described in NIST SP 800-207) can materially reduce risk---but only if the underlying signals and enforcement points are strong. In Unit 42 incident response data, compromised credentials show up frequently as an initial access vector, and a large share of incidents result in real business disruption---two reasons ZTA's "continuous verification + least privilege + telemetry" mindset is so valuable in practice. ### Benefits * **Reduced Privilege Exposure** : Eliminating standing privileges and enforcing [just‑in‑time access](https://www.paloaltonetworks.com/cyberpedia/what-is-just-in-time-access-jit?ts=markdown) dramatically limits an attacker's movement after a credential compromise. * **Comprehensive Identity Protection**: Applying zero trust to human, machine, and service identities reduces risk across hybrid environments. * **Reduced Blast Radius**: Per-session, least privileged access helps limit lateral movement after compromise by preventing a single stolen identity or session from escalating to broader internal access. * **Consistent Enforcement** : One policy model can apply across cloud, on-prem, and remote users when access decisions are centralized and enforced at the resource, aligned with the ZTA approach described here: [What Is A zero trust Architecture?](https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture?ts=markdown) * **Better Visibility** : Rich[security telemetry](https://www.paloaltonetworks.com/cyberpedia/observability?ts=markdown) supports faster detection, investigation, and compliance reporting by turning access decisions and session behavior into auditable signals. * **More Resilient Access** : Access adapts when risk changes (device posture drifts, behavior shifts, threat signals spike), rather than staying permanently "trusted"---especially when paired with strong[access management](https://www.paloaltonetworks.com/cyberpedia/access-management?ts=markdown) fundamentals. ### Challenges * **Privilege Sprawl** : Without strong [identity governance](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-governance-and-administration-iga?ts=markdown) and [PAM](https://www.paloaltonetworks.com/cyberpedia/what-is-privileged-access-management?ts=markdown) controls, privilege accumulation undermines zero trust goals. * **Machine Identity Risk**: Expanding automation increases the risk surface; unmanaged secrets or service accounts violate zero trust principles. * **Signal Quality Requirements** : Weak identity attributes or posture inputs produce weak decisions---if you're still maturing[identity and access management (IAM)](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-and-access-management?ts=markdown), your ZTA outcomes will reflect that. * **Legacy Constraints**: Older apps may require gateways, enclaves, or phased modernization before you can enforce policy consistently at the resource boundary (common in real ZTA migrations). * **Operational Tuning**: Policies require ongoing tuning as environments and attacker techniques evolve; without sufficient telemetry and governance, teams risk "set-and-forget" drift that undermines zero-trust intent. * **Over-Reliance On MFA Alone** :[Multifactor authentication (MFA)](https://www.paloaltonetworks.com/cyberpedia/what-is-multi-factor-authentication?ts=markdown) is necessary, but not sufficient---stolen credentials and session abuse can still succeed if enforcement and monitoring are weak, which Unit 42 IR trends continue to reinforce. ## Practical Implementation Checklist If you're using SP 800-207 as a roadmap, this sequence is a practical starting point: * **Identify Inventory Resources**: identify high-value apps, data, services, and admin systems * **Strengthen Identity Controls**: enforce MFA where appropriate and reduce excessive privileges * **Eliminate Standing Privileges**: Shift to just‑in‑time access for sensitive and administrative roles. * **Secure Machine Identities**: Rotate secrets, remove hardcoded credentials, and apply least‑privilege policies to service accounts. * **Deploy Identity Threat Detection**: Continuously analyze identity behavior, privilege requests, and authentication patterns for anomalies. * **Define Enforcement Points**: place controls near resources and standardize session access paths * **Select Trust Signals**: decide which posture/behavior/threat inputs actually matter for your environment * **Operationalize Telemetry**: improve logging and monitoring so policy can adapt as risk changes ## NIST SP 800-207 FAQs ### What Is The Difference Between NIST SP 800-207 And NIST CSF? NIST SP 800-207 is specific guidance for zero trust Architecture design, while NIST CSF is a broader framework for managing cybersecurity risk across an organization. ### Does NIST SP 800-207 Require A Specific Technology Stack? No. It describes architectural functions and principles. Organizations implement those functions using tools and controls that fit their environment. ### Do You Need To Rebuild Everything To Adopt zero trust? Usually not. Most enterprises migrate in phases, applying different zero trust deployment models depending on resources and constraints. A good place to start for most organizations is modernization of identity controls: MFA, PAM, JIT, and identity threat detection. ### Why Is Identity So Central To zero trust Architecture? Identity is a core anchor for zero trust decisions, determining "who/what is requesting access" and whether that identity is high-assurance. This emphasis is critical because attackers frequently target both human and machine identities to gain initial access, escalate privileges, and move laterally across systems. Stolen credentials remain a major initial access vector, according to Unit 42 incident response data. Therefore, a successful zero trust strategy requires continuously validating identities, minimizing privilege exposure, and actively monitoring identity activity for emerging threats. ### What Is A Realistic First Step Toward SP 800-207 Alignment? Start by defining protected surfaces (your most critical resources), tightening identity controls and privileges, and placing enforcement points closest to those resources---then expand. Related Content [Explore ZTNA 2.0 Apply least-privilege access with continuous trust verification and inspection.](https://www.paloaltonetworks.com/sase/ztna?ts=markdown) [Explore Prisma Access Secure users, apps, and data everywhere with cloud-delivered SASE.](https://www.paloaltonetworks.com/sase/access?ts=markdown) [Read: Architecting the zero trust Enterprise Use a practical blueprint to turn zero trust strategy into enterprise architecture.](https://www.paloaltonetworks.com/resources/whitepapers/architecting-zero-trust-enterprise?ts=markdown) [Build Identity Best Practices for zero trust Strengthen identity posture to accelerate zero trust adoption and reduce risk.](https://www.paloaltonetworks.com/resources/whitepapers/building-the-zero-trust-enterprise?ts=markdown) ![Share page on facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/facebook-circular-icon.svg) ![Share page on linkedin](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/linkedin-circular-icon.svg) [![Share page by an email](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/resources/email-circular-icon.svg)](mailto:?subject=What%20Is%20NIST%20SP%20800-207%3F%20zero%20trust%20Architecture%20Framework&body=Learn%20what%20NIST%20SP%20800-207%20is%2C%20how%20zero%20trust%20Architecture%20works%2C%20its%20core%20components%20and%20tenets%2C%20and%20practical%20steps%20to%20implement%20ZTA%20in%20hybrid%20environments.%20at%20https%3A//www.paloaltonetworks.com/cyberpedia/what-is-nist-sp-800-207) Back to Top [Previous](https://www.paloaltonetworks.com/cyberpedia/what-is-identity-lifecycle-management?ts=markdown) What Is Identity Lifecycle Management? {#footer} ## Products and Services * [AI-Powered Network Security Platform](https://www.paloaltonetworks.com/network-security?ts=markdown) * [Secure AI by Design](https://www.paloaltonetworks.com/precision-ai-security/secure-ai-by-design?ts=markdown) * [Prisma AIRS](https://www.paloaltonetworks.com/prisma/prisma-ai-runtime-security?ts=markdown) * [AI Access Security](https://www.paloaltonetworks.com/sase/ai-access-security?ts=markdown) * [Cloud Delivered Security Services](https://www.paloaltonetworks.com/network-security/security-subscriptions?ts=markdown) * [Advanced Threat Prevention](https://www.paloaltonetworks.com/network-security/advanced-threat-prevention?ts=markdown) * [Advanced URL Filtering](https://www.paloaltonetworks.com/network-security/advanced-url-filtering?ts=markdown) * [Advanced WildFire](https://www.paloaltonetworks.com/network-security/advanced-wildfire?ts=markdown) * [Advanced DNS Security](https://www.paloaltonetworks.com/network-security/advanced-dns-security?ts=markdown) * [Enterprise Data Loss Prevention](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Enterprise IoT Security](https://www.paloaltonetworks.com/network-security/enterprise-device-security?ts=markdown) * [Medical IoT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [Industrial OT Security](https://www.paloaltonetworks.com/network-security/medical-device-security?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [Next-Generation Firewalls](https://www.paloaltonetworks.com/network-security/next-generation-firewall?ts=markdown) * [Hardware Firewalls](https://www.paloaltonetworks.com/network-security/hardware-firewall-innovations?ts=markdown) * [Software Firewalls](https://www.paloaltonetworks.com/network-security/software-firewalls?ts=markdown) * [Strata Cloud Manager](https://www.paloaltonetworks.com/network-security/strata-cloud-manager?ts=markdown) * [SD-WAN for NGFW](https://www.paloaltonetworks.com/network-security/sd-wan-subscription?ts=markdown) * [PAN-OS](https://www.paloaltonetworks.com/network-security/pan-os?ts=markdown) * [Panorama](https://www.paloaltonetworks.com/network-security/panorama?ts=markdown) * [Secure Access Service Edge](https://www.paloaltonetworks.com/sase?ts=markdown) * [Prisma SASE](https://www.paloaltonetworks.com/sase?ts=markdown) * [Application Acceleration](https://www.paloaltonetworks.com/sase/app-acceleration?ts=markdown) * [Autonomous Digital Experience Management](https://www.paloaltonetworks.com/sase/adem?ts=markdown) * [Enterprise DLP](https://www.paloaltonetworks.com/sase/enterprise-data-loss-prevention?ts=markdown) * [Prisma Access](https://www.paloaltonetworks.com/sase/access?ts=markdown) * [Prisma Browser](https://www.paloaltonetworks.com/sase/prisma-browser?ts=markdown) * [Prisma SD-WAN](https://www.paloaltonetworks.com/sase/sd-wan?ts=markdown) * [Remote Browser Isolation](https://www.paloaltonetworks.com/sase/remote-browser-isolation?ts=markdown) * [SaaS Security](https://www.paloaltonetworks.com/sase/saas-security?ts=markdown) * [AI-Driven Security Operations Platform](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cloud Security](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Cortex Cloud](https://www.paloaltonetworks.com/cortex/cloud?ts=markdown) * [Application Security](https://www.paloaltonetworks.com/cortex/cloud/application-security?ts=markdown) * [Cloud Posture Security](https://www.paloaltonetworks.com/cortex/cloud/cloud-posture-security?ts=markdown) * [Cloud Runtime Security](https://www.paloaltonetworks.com/cortex/cloud/runtime-security?ts=markdown) * [Prisma Cloud](https://www.paloaltonetworks.com/prisma/cloud?ts=markdown) * [AI-Driven SOC](https://www.paloaltonetworks.com/cortex?ts=markdown) * [Cortex XSIAM](https://www.paloaltonetworks.com/cortex/cortex-xsiam?ts=markdown) * [Cortex XDR](https://www.paloaltonetworks.com/cortex/cortex-xdr?ts=markdown) * [Cortex XSOAR](https://www.paloaltonetworks.com/cortex/cortex-xsoar?ts=markdown) * [Cortex Xpanse](https://www.paloaltonetworks.com/cortex/cortex-xpanse?ts=markdown) * [Unit 42 Managed Detection \& Response](https://www.paloaltonetworks.com/cortex/managed-detection-and-response?ts=markdown) * [Managed XSIAM](https://www.paloaltonetworks.com/cortex/managed-xsiam?ts=markdown) * [Threat Intel and Incident Response Services](https://www.paloaltonetworks.com/unit42?ts=markdown) * [Proactive Assessments](https://www.paloaltonetworks.com/unit42/assess?ts=markdown) * [Incident Response](https://www.paloaltonetworks.com/unit42/respond?ts=markdown) * [Transform Your Security Strategy](https://www.paloaltonetworks.com/unit42/transform?ts=markdown) * [Discover Threat Intelligence](https://www.paloaltonetworks.com/unit42/threat-intelligence-partners?ts=markdown) ## Company * [About Us](https://www.paloaltonetworks.com/about-us?ts=markdown) * [Careers](https://jobs.paloaltonetworks.com/en/) * [Contact Us](https://www.paloaltonetworks.com/company/contact-sales?ts=markdown) * [Corporate Responsibility](https://www.paloaltonetworks.com/about-us/corporate-responsibility?ts=markdown) * [Customers](https://www.paloaltonetworks.com/customers?ts=markdown) * [Investor Relations](https://investors.paloaltonetworks.com/) * [Location](https://www.paloaltonetworks.com/about-us/locations?ts=markdown) * [Newsroom](https://www.paloaltonetworks.com/company/newsroom?ts=markdown) ## Popular Links * [Blog](https://www.paloaltonetworks.com/blog/?ts=markdown) * [Communities](https://www.paloaltonetworks.com/communities?ts=markdown) * [Content Library](https://www.paloaltonetworks.com/resources?ts=markdown) * [Cyberpedia](https://www.paloaltonetworks.com/cyberpedia?ts=markdown) * [Event Center](https://events.paloaltonetworks.com/) * [Manage Email Preferences](https://start.paloaltonetworks.com/preference-center) * [Products A-Z](https://www.paloaltonetworks.com/products/products-a-z?ts=markdown) * [Product Certifications](https://www.paloaltonetworks.com/legal-notices/trust-center/compliance?ts=markdown) * [Report a Vulnerability](https://www.paloaltonetworks.com/security-disclosure?ts=markdown) * [Sitemap](https://www.paloaltonetworks.com/sitemap?ts=markdown) * [Tech Docs](https://docs.paloaltonetworks.com/) * [Unit 42](https://unit42.paloaltonetworks.com/) * [Do Not Sell or Share My Personal Information](https://panwedd.exterro.net/portal/dsar.htm?target=panwedd) ![PAN logo](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/pan-logo-dark.svg) * [Privacy](https://www.paloaltonetworks.com/legal-notices/privacy?ts=markdown) * [Trust Center](https://www.paloaltonetworks.com/legal-notices/trust-center?ts=markdown) * [Terms of Use](https://www.paloaltonetworks.com/legal-notices/terms-of-use?ts=markdown) * [Documents](https://www.paloaltonetworks.com/legal?ts=markdown) Copyright © 2026 Palo Alto Networks. All Rights Reserved * [![Youtube](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/youtube-black.svg)](https://www.youtube.com/user/paloaltonetworks) * [![Podcast](https://www.paloaltonetworks.com/content/dam/pan/en_US/images/icons/podcast.svg)](https://www.paloaltonetworks.com/podcasts/threat-vector?ts=markdown) * [![Facebook](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/facebook-black.svg)](https://www.facebook.com/PaloAltoNetworks/) * [![LinkedIn](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/linkedin-black.svg)](https://www.linkedin.com/company/palo-alto-networks) * [![Twitter](https://www.paloaltonetworks.com/etc/clientlibs/clean/imgs/social/twitter-x-black.svg)](https://twitter.com/PaloAltoNtwks) * EN Select your language