{"id":125862,"date":"2025-07-08T07:03:19","date_gmt":"2025-07-08T15:03:19","guid":{"rendered":"https:\/\/xira.com\/p\/2025\/07\/08\/another-great-zero-trust-resource-nist-provides-updated-guidance\/"},"modified":"2025-07-08T07:03:19","modified_gmt":"2025-07-08T15:03:19","slug":"another-great-zero-trust-resource-nist-provides-updated-guidance","status":"publish","type":"post","link":"https:\/\/xira.com\/p\/2025\/07\/08\/another-great-zero-trust-resource-nist-provides-updated-guidance\/","title":{"rendered":"Another Great Zero-Trust Resource \u2013 NIST Provides Updated Guidance"},"content":{"rendered":"<p><em><u>Ed. note<\/u>: This is the latest in the article series,\u00a0<em><strong>Cybersecurity: Tips From the Trenches<\/strong>,<\/em>\u00a0by our friends at\u00a0<a href=\"https:\/\/senseient.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Sensei Enterprises<\/a>, a boutique provider of IT, cybersecurity, and digital forensics services.<\/em><\/p>\n<p>The National Institute of Standards and Technology (NIST) is an excellent resource for businesses seeking guidance and instruction to secure their information systems. This month, NIST dropped SP\u202f1800\u201135, a practical practice guide boasting 19 real-world zero\u2011trust example implementations using off\u2011the\u2011shelf technology from big-name vendors. It is a great starting point for firms of all sizes when developing Zero Trust architecture.<\/p>\n<p><strong>Why This Matters<\/strong><\/p>\n<p>Traditional cybersecurity followed a set-it-and-forget-it mantra \u2014 keep the bad guys out, and we\u2019re good. Firewalls were the defender that many firms solely relied upon. That doesn\u2019t cut it anymore. As NIST points out, modern networks are hybrid beasts: cloud servers, employee homes, airport Wi\u2011Fi, mobile devices \u2014 you name it. Consequently, cybersecurity threats don\u2019t just knock at the front door; they\u2019re looking for every possible way into your systems and environment.<\/p>\n<p>Zero Trust flips the script. Instead of trusting the perimeter, it uses a \u201cTrust No One\u201d approach to treat every access request with suspicion. This is especially critical in a remote technological environment, where users and information live and are accessed outside the traditional perimeter. Zero Trust evaluates users, devices, and locations based on identity, device posture, behavior, geolocation, and more before granting access.\u202fFor attorneys handling sensitive data, privileged communications, case materials, and client information, this granular access control is essential to keeping your information safe. Switching from traditional cybersecurity approaches to Zero Trust requires a change to a risk-based approach, planning, and careful implementation.<\/p>\n<p>This latest guide provides plug-and-play architectures you can adapt to your firm. It includes the technology, workflows, and security settings and controls behind each architecture and scenario, plus best practices and lessons learned. You can choose which architecture best fits your firm\u2019s environment, whether it\u2019s Microsoft 365, Google, or Cisco. The guides also assume your technology environment is hybrid, meaning both cloud and on-prem, demonstrating how Zero Trust works for your configuration. It also stresses that adopting Zero Trust is a journey and does not happen overnight. Firms must start somewhere \u2014 why not start with your most sensitive data and move on from there? Taking the first step is always the most challenging part.<\/p>\n<p><strong>Key Takeaways<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Map your assets.<\/strong> Identify high-value data \u2014 client portals, cloud-based file storage, managing partner systems \u2014 and define who can access them, and under what conditions.<\/li>\n<li><strong>Start small.<\/strong> You don\u2019t need to overhaul everything. Pick somewhere to start \u2014 maybe secure your remote document repository using identity governance and micro\u2011segmentation.<\/li>\n<li><strong>Run audits and monitoring.<\/strong> Constant verification means logs, analytics, and alerts, ensuring that you catch suspicious access early and maintain an audit trail for ethical compliance.<\/li>\n<li><strong>Rely on best practices.<\/strong> Instead of reinventing the wheel, you can follow NIST\u2019s step-by-step builds. The guide even includes lessons learned from vendors to help avoid common pitfalls.<\/li>\n<\/ul>\n<p>Law firms should continue to strive to implement the best practices regarding cybersecurity measures to protect their client data. Law firms often rely on what\u2019s reasonable when making cybersecurity and technology-related decisions.<\/p>\n<p>Zero Trust architecture is quickly becoming a \u201creasonable\u201d solution to implement. It may shortly be required by clients, cyberinsurance companies, and government and state regulations to protect the confidentiality of the sensitive information law firms store and maintain. Very soon, Zero Trust won\u2019t be just a reasonable solution \u2014 it will be mandatory \u2014 so get started now.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\">\n<p><em><strong>Michael C. Maschke is the President and Chief Executive Officer of Sensei Enterprises, Inc. Mr. Maschke is an EnCase Certified Examiner (EnCE), a Certified Computer Examiner (CCE #744), an AccessData Certified Examiner (ACE), a Certified Ethical Hacker (CEH), and a Certified Information Systems Security Professional (CISSP). He is a frequent speaker on IT, cybersecurity, and digital forensics, and he has co-authored 14 books published by the American Bar Association. He can be reached at\u00a0mmaschke@senseient.com.<\/strong><\/em><\/p>\n<p><em><strong>Sharon D. Nelson is the co-founder of and consultant to Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA. She can be reached at\u00a0snelson@senseient.com<\/strong><\/em>.<\/p>\n<p><em><strong>John W. Simek is the co-founder of and consultant to Sensei Enterprises, Inc. He holds multiple technical certifications and is a nationally known digital forensics expert. He is a co-author of 18 books published by the American Bar Association. He can be reached at\u00a0jsimek@senseient.com<\/strong><\/em>.<\/p>\n<p>The post <a href=\"https:\/\/abovethelaw.com\/2025\/07\/another-great-zero-trust-resource-nist-provides-updated-guidance\/\" rel=\"nofollow noopener\" target=\"_blank\">Another Great Zero-Trust Resource \u2013 NIST Provides Updated Guidance<\/a> appeared first on <a href=\"https:\/\/abovethelaw.com\/\" rel=\"nofollow noopener\" target=\"_blank\">Above the Law<\/a>.<\/p>\n<figure class=\"post-single__featured-image post-single__featured-image--medium alignright\"><img data-recalc-dims=\"1\" loading=\"lazy\" decoding=\"async\" width=\"300\" height=\"181\" src=\"https:\/\/i0.wp.com\/abovethelaw.com\/wp-content\/uploads\/sites\/4\/2015\/06\/Hacker-typing-on-a-laptop-Article-201408011552-300x181.jpg?resize=300%2C181&#038;ssl=1\" class=\"attachment-medium size-medium wp-post-image\" alt=\"\" title=\"\"><\/figure>\n<p><em><u>Ed. note<\/u>: This is the latest in the article series,\u00a0<em><strong>Cybersecurity: Tips From the Trenches<\/strong>,<\/em>\u00a0by our friends at\u00a0<a href=\"https:\/\/senseient.com\/\" target=\"_blank\" rel=\"noreferrer noopener nofollow\">Sensei Enterprises<\/a>, a boutique provider of IT, cybersecurity, and digital forensics services.<\/em><\/p>\n<p>The National Institute of Standards and Technology (NIST) is an excellent resource for businesses seeking guidance and instruction to secure their information systems. This month, NIST dropped SP\u202f1800\u201135, a practical practice guide boasting 19 real-world zero\u2011trust example implementations using off\u2011the\u2011shelf technology from big-name vendors. It is a great starting point for firms of all sizes when developing Zero Trust architecture.<\/p>\n<p><strong>Why This Matters<\/strong><\/p>\n<p>Traditional cybersecurity followed a set-it-and-forget-it mantra \u2014 keep the bad guys out, and we\u2019re good. Firewalls were the defender that many firms solely relied upon. That doesn\u2019t cut it anymore. As NIST points out, modern networks are hybrid beasts: cloud servers, employee homes, airport Wi\u2011Fi, mobile devices \u2014 you name it. Consequently, cybersecurity threats don\u2019t just knock at the front door; they\u2019re looking for every possible way into your systems and environment.<\/p>\n<p>Zero Trust flips the script. Instead of trusting the perimeter, it uses a \u201cTrust No One\u201d approach to treat every access request with suspicion. This is especially critical in a remote technological environment, where users and information live and are accessed outside the traditional perimeter. Zero Trust evaluates users, devices, and locations based on identity, device posture, behavior, geolocation, and more before granting access.\u202fFor attorneys handling sensitive data, privileged communications, case materials, and client information, this granular access control is essential to keeping your information safe. Switching from traditional cybersecurity approaches to Zero Trust requires a change to a risk-based approach, planning, and careful implementation.<\/p>\n<p>This latest guide provides plug-and-play architectures you can adapt to your firm. It includes the technology, workflows, and security settings and controls behind each architecture and scenario, plus best practices and lessons learned. You can choose which architecture best fits your firm\u2019s environment, whether it\u2019s Microsoft 365, Google, or Cisco. The guides also assume your technology environment is hybrid, meaning both cloud and on-prem, demonstrating how Zero Trust works for your configuration. It also stresses that adopting Zero Trust is a journey and does not happen overnight. Firms must start somewhere \u2014 why not start with your most sensitive data and move on from there? Taking the first step is always the most challenging part.<\/p>\n<p><strong>Key Takeaways<\/strong><\/p>\n<ul class=\"wp-block-list\">\n<li><strong>Map your assets.<\/strong> Identify high-value data \u2014 client portals, cloud-based file storage, managing partner systems \u2014 and define who can access them, and under what conditions.<\/li>\n<li><strong>Start small.<\/strong> You don\u2019t need to overhaul everything. Pick somewhere to start \u2014 maybe secure your remote document repository using identity governance and micro\u2011segmentation.<\/li>\n<li><strong>Run audits and monitoring.<\/strong> Constant verification means logs, analytics, and alerts, ensuring that you catch suspicious access early and maintain an audit trail for ethical compliance.<\/li>\n<li><strong>Rely on best practices.<\/strong> Instead of reinventing the wheel, you can follow NIST\u2019s step-by-step builds. The guide even includes lessons learned from vendors to help avoid common pitfalls.<\/li>\n<\/ul>\n<p>Law firms should continue to strive to implement the best practices regarding cybersecurity measures to protect their client data. Law firms often rely on what\u2019s reasonable when making cybersecurity and technology-related decisions.<\/p>\n<p>Zero Trust architecture is quickly becoming a \u201creasonable\u201d solution to implement. It may shortly be required by clients, cyberinsurance companies, and government and state regulations to protect the confidentiality of the sensitive information law firms store and maintain. Very soon, Zero Trust won\u2019t be just a reasonable solution \u2014 it will be mandatory \u2014 so get started now.<\/p>\n<hr class=\"wp-block-separator has-alpha-channel-opacity\" \/>\n<p><em><strong>Michael C. Maschke is the President and Chief Executive Officer of Sensei Enterprises, Inc. Mr. Maschke is an EnCase Certified Examiner (EnCE), a Certified Computer Examiner (CCE #744), an AccessData Certified Examiner (ACE), a Certified Ethical Hacker (CEH), and a Certified Information Systems Security Professional (CISSP). He is a frequent speaker on IT, cybersecurity, and digital forensics, and he has co-authored 14 books published by the American Bar Association. He can be reached at\u00a0<a href=\"https:\/\/abovethelaw.com\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"ec81818d9f8f848789ac9f89829f8985898298c28f8381\" rel=\"nofollow noopener\" target=\"_blank\">[email\u00a0protected]<\/a>.<\/strong><\/em><\/p>\n<p><em><strong>Sharon D. Nelson is the co-founder of and consultant to Sensei Enterprises, Inc. She is a past president of the Virginia State Bar, the Fairfax Bar Association, and the Fairfax Law Foundation. She is a co-author of 18 books published by the ABA. She can be reached at\u00a0<a href=\"https:\/\/abovethelaw.com\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"a6d5c8c3cad5c9c8e6d5c3c8d5c3cfc3c8d288c5c9cb\" rel=\"nofollow noopener\" target=\"_blank\">[email\u00a0protected]<\/a><\/strong><\/em>.<\/p>\n<p><em><strong>John W. Simek is the co-founder of and consultant to Sensei Enterprises, Inc. He holds multiple technical certifications and is a nationally known digital forensics expert. He is a co-author of 18 books published by the American Bar Association. He can be reached at\u00a0<a href=\"https:\/\/abovethelaw.com\/cdn-cgi\/l\/email-protection\" class=\"__cf_email__\" data-cfemail=\"dfb5acb6b2bab49facbab1acbab6bab1abf1bcb0b2\" rel=\"nofollow noopener\" target=\"_blank\">[email\u00a0protected]<\/a><\/strong><\/em>.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Ed. note: This is the latest in the article series,\u00a0Cybersecurity: Tips From the Trenches,\u00a0by our friends at\u00a0Sensei Enterprises, a boutique provider of IT, cybersecurity, and digital forensics services. The National Institute of Standards and Technology (NIST) is an excellent resource for businesses seeking guidance and instruction to secure their information systems. This month, NIST dropped [&hellip;]<\/p>\n","protected":false},"author":3,"featured_media":125863,"comment_status":"","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_et_pb_use_builder":"","_et_pb_old_content":"","_et_gb_content_width":"","_jetpack_memberships_contains_paid_content":false,"footnotes":""},"categories":[16],"tags":[],"class_list":["post-125862","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-above_the_law"],"jetpack_featured_media_url":"https:\/\/i0.wp.com\/xira.com\/p\/wp-content\/uploads\/2025\/07\/Hacker-typing-on-a-laptop-Article-201408011552-6tcM2J.jpeg?fit=616%2C372&ssl=1","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts\/125862","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/users\/3"}],"replies":[{"embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/comments?post=125862"}],"version-history":[{"count":0,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/posts\/125862\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/media\/125863"}],"wp:attachment":[{"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/media?parent=125862"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/categories?post=125862"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/xira.com\/p\/wp-json\/wp\/v2\/tags?post=125862"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}