Global

Please select a language

Please select the country/region where you would like to introduce your business.

Asia / Oceania

America

Europe / Middle East / Africa

Contact Us
Contact Us
Global

Please select a language

Please select the country/region where you would like to introduce your business.

Asia / Oceania

America

Europe / Middle East / Africa

White Paper Mar 19, 2025 Implementing Zero Trust Using NIST Guidelines

~A Practical Guide for Operations and Continuous Improvement Using Advanced Technologies~

Are You Ready to Implement Zero Trust Security Based on NIST Guidelines?

With the widespread adoption of remote work and increased use of cloud services, cyberattacks have become more sophisticated, and the importance of robust security measures has grown. Traditional perimeter-based security can no longer adequately address today’s diverse threats and dynamic environments – which is why many companies are now turning to Zero Trust. In this context, NIST’s guidelines are drawing attention as the foundational framework for Zero Trust.

Yet you may be facing challenges such as:

  • We’re unsure how to implement the NIST guidelines in our policies and operational workflows to drive meaningful improvements.
  • After adopting Zero Trust, we want to know how to ensure effective operations and continuous improvement.
  • We’re concerned that our overall security operations may not be optimized across the organisation.

This document explains the core concepts of Zero Trust based on the NIST guidelines and presents specific methods to tailor operations and improvements for your company’s environment.

Table of Contents

  • The Importance of Zero Trust
  • Key Components of Zero Trust
  • NIST Cybersecurity Framework 2.0
  • Zero Trust in Practice Based on the NIST Framework①~④
  • Practical Points – Organizational Aspects / System Aspects
  • Common Challenges and Solutions in Zero Trust Operations
  • KDDI’s “Managed Zero Trust” Service

The Importance of Zero Trust

Zero Trust is a security model predicated on “trust nothing” – every access to information assets is verified to prevent unauthorised entry and insider threats. Traditional approaches, which distinguished between a trusted “inside” and an untrusted “outside,” no longer suffice as organizational boundaries become increasingly blurred. Relying solely on a simple gateway model to protect internal networks is no longer effective.

Zero Trust controls access to both internal and external resources according to their criticality, enabling you to implement focused, minimum necessary security measures.

Example

If Cloud and Remote Work Usage Is Limited

Focus on a minimal set of measures, prioritising protection against unauthorised access to internal networks.

<Implementation example>

Endpoint monitoring and network traffic anomaly detection

If Cloud and Remote Work Are Prevalent

Strengthen controls on external access and implement measures to prevent cloud data leakage.

<Implementation example>

Visualisation and control of cloud usage, and automation of security operations

*The information contained in the news releases is current at the time of publication.
*Products, service fees, service content and specifications, contact information, and other details are subject to change without notice.

Get the insights you need — download it now!

After clicking the "Free download" button, you will be redirected to the PDF download form.

Related Services

Security Assessment / IT Environment Survey
Security
Prevent security risks at overseas locations with IT/Security assessments
Global Managed Service
Security
IT support provided 24/7/365. Local KDDI staff stops problems before they occur.
Global SASE
Security
Achieve cost-effective and effortless security improvements simply by connecting your existing network to Global SASE.