Framework summaries on this platform are AI-assisted interpretations for educational and compliance planning purposes. They do not reproduce or replace the official standards. Refer to the authoritative source for the definitive text. Framework names and trademarks belong to their respective organisations.
Framework Domains (13)
Deployment Models
| Code | Title |
|---|---|
| SP800-207-4.1 | Enhanced Identity Governance Deployment |
| SP800-207-4.2 | Micro Segmentation Deployment |
| SP800-207-4.3 | Software Defined Perimeter Deployment |
Foundational Tenets
| Code | Title |
|---|---|
| SP800-207-2.1 | Tenet 1: All Data Sources and Computing Services as Resources |
| SP800-207-2.2 | Tenet 2: All Communication Secured Regardless of Network |
| SP800-207-2.3 | Tenet 3: Per Session Resource Access |
| SP800-207-2.4 | Tenet 4: Dynamic Policy Driven Access |
| SP800-207-2.5 | Tenet 5: Monitor Integrity and Posture of Assets |
| SP800-207-2.6 | Tenet 6: Dynamic Authentication and Authorization |
| SP800-207-2.7 | Tenet 7: Telemetry to Improve Posture |
Logical Components
| Code | Title |
|---|---|
| SP800-207-3.1 | Policy Engine Capabilities |
| SP800-207-3.2 | Policy Administrator Role |
| SP800-207-3.3 | Policy Enforcement Point Coverage |
NIST SP 800-207: Access Control
Logical and physical access controls (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-DEP-PORTAL | Resource Portal-Based Deployment |
| SP800-207-DEP-SANDBOX | Device Application Sandboxing |
| SP800-207-NET-REQ | Network Requirements to Support ZTA |
| SP800-207-TA-CONTEXT | Singular vs Contextual Trust Algorithm |
| SP800-207-TA-CRITERIA | Criteria-Based vs Score-Based Trust Algorithm |
NIST SP 800-207: Asset Management
Information asset management (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-DEP-AGENT | Device Agent/Gateway-Based Deployment |
| SP800-207-DEP-ENCLAVE | Enclave-Based Deployment |
| SP800-207-SUP-IDM | Identity Management System |
| SP800-207-SUP-PKI | Enterprise Public Key Infrastructure (PKI) |
| SP800-207-SUP-SIEM | Security Information and Event Management (SIEM) System |
NIST SP 800-207: Communications Security
Network and communications security (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-MIG-ACTORS | Migration Step: Identify Actors on the Enterprise |
| SP800-207-MIG-ASSETS | Migration Step: Identify Assets Owned by the Enterprise |
| SP800-207-MIG-POLICY | Migration Step: Formulate Policies for the ZTA Candidate |
| SP800-207-MIG-PROCESS | Migration Step: Identify Key Processes and Evaluate Risks |
| SP800-207-THR-NPE | Threat: Use of Non-Person Entities (NPE) in ZTA Administration |
NIST SP 800-207: Cryptography
Cryptographic controls (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-SC-CONTRACTED | Deployment Scenario: Contracted Services and Nonemployee Access |
| SP800-207-SC-CROSSENT | Deployment Scenario: Collaboration Across Enterprise Boundaries |
| SP800-207-SC-MULTICLOUD | Deployment Scenario: Multi-cloud / Cloud-to-Cloud Enterprise |
| SP800-207-SC-PUBLIC | Deployment Scenario: Public- or Customer-Facing Services |
| SP800-207-SC-SATELLITE | Deployment Scenario: Enterprise with Satellite Facilities |
NIST SP 800-207: Information Security Policies
Organizational information security policies (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-SUP-CDM | Continuous Diagnostics and Mitigation (CDM) System |
| SP800-207-SUP-COMPLY | Industry Compliance System |
| SP800-207-SUP-DAP | Data Access Policies |
| SP800-207-SUP-LOGS | Network and System Activity Logs |
| SP800-207-SUP-THREAT | Threat Intelligence Feeds |
NIST SP 800-207: Operations Security
Secure operations and monitoring (NIST SP 800-207)
| Code | Title |
|---|---|
| SP800-207-THR-CREDS | Threat: Stolen Credentials and Insider Threat |
| SP800-207-THR-DOS | Threat: Denial-of-Service or Network Disruption |
| SP800-207-THR-PROPRIETARY | Threat: Reliance on Proprietary Data Formats or Solutions |
| SP800-207-THR-STORAGE | Threat: Storage of System and Network Information |
| SP800-207-THR-SUBVERT | Threat: Subversion of ZTA Decision Process |
| SP800-207-THR-VISIBILITY | Threat: Limited Visibility on the Network |
Programme Management
| Code | Title |
|---|---|
| SP800-207-7.1 | Migration Strategy and Roadmap |
| SP800-207-7.2 | Interoperability with Existing Controls |
Risk
| Code | Title |
|---|---|
| SP800-207-6.1 | ZTA Threats and Mitigations |
Supporting Components
| Code | Title |
|---|---|
| SP800-207-3.4 | Continuous Diagnostics and Mitigation Inputs |
| SP800-207-3.5 | Identity Management Integration |
| SP800-207-MIG-DEPLOY | Migration Step: Identify Candidate Solutions, Deploy, and Expand |
Trust Algorithm
| Code | Title |
|---|---|
| SP800-207-5.1 | Trust Algorithm Documentation |
Your Compliance Coverage
If you comply with NIST SP 800-207, you already cover:
| Framework | Coverage | Controls mapped |
|---|---|---|
| NIST SP 800-53 Rev 5 | 63% | 32 |
| NIST SP 800-171 | 55% | 28 |
| NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements | 12% | 6 |
+ 6 more: BRCGS Global Standard for Food Safety Issue 9 (6%), FedRAMP Rev 5 (4%)
Maps to 9 other frameworks
Frequently Asked Questions
What is NIST SP 800-207?
NIST SP 800-207 (Zero Trust Architecture) is a compliance framework from the United States with 13 domains and 51 controls. It is used by organisations to establish and maintain compliance with industry standards and regulatory requirements.
How many controls does NIST SP 800-207 have?
NIST SP 800-207 has 51 controls organised across 13 domains. The largest domains are Foundational Tenets (7 controls), NIST SP 800-207: Operations Security (6 controls), and NIST SP 800-207: Access Control (5 controls). Each control defines specific requirements that organisations must implement to achieve compliance.
What frameworks does NIST SP 800-207 map to?
NIST SP 800-207 maps to 9 other compliance frameworks. The top mapping partners are NIST SP 800-53 Rev 5 (63% coverage), NIST SP 800-171 (55% coverage), and NIST SP 800-171A Rev 3 - Assessing CUI Security Requirements (12% coverage). Use our comparison tool to explore control-level mappings between frameworks.
How do I get started with NIST SP 800-207 compliance?
Start your NIST SP 800-207 compliance journey by running a self-assessment on our platform to identify your current compliance posture. Our AI advisory can answer specific questions about NIST SP 800-207 requirements, and cross-framework mapping helps you leverage existing controls from other frameworks you may already comply with. Create a free account to access all 51 controls and track your progress.