Over the past several years, zero trust architecture has emerged as an important topic within the field of cybersecurity. Heightened federal requirements and pandemic-related challenges have accelerated the timeline for zero trust adoption within the federal sector. Private sector organizations are also looking to adopt zero trust to bring their technical infrastructure and processes in line with cybersecurity best practices. Real-world preparation for zero trust, however, has not caught up with existing cybersecurity frameworks and literature. NIST standards have defined the desired outcomes for zero trust transformation, but the implementation process is still relatively undefined. As the nation’s first federally funded research and development center with a clear emphasis on cybersecurity, the Carnegie Mellon University Software Engineering Institute (SEI) is uniquely positioned to bridge the gap between NIST standards and real-world implementation. In this podcast, Tim Morrow and Matthew Nicolai, researchers with the SEI’s CERT Division, have outlined 4 steps that organizations can take to implement and maintain zero trust architecture.