Author
Erin Risk
Word count
4856
Language
English

Summary

The National Institute of Standards and Technology (NIST) has issued a report defining a new paradigm for secure network access, known as the NIST Zero Trust Architecture. This approach aims to improve security by replacing legacy technologies such as virtual private networks (VPNs). The NIST Zero Trust Architecture outlines seven technology-agnostic "tenets" on which organizations can base their zero-trust architecture: treat all data sources and computing services as resources; secure all communications regardless of network location; grant access to individual resources only on a per-session basis; grant access dynamically based on context; continuously evaluate the security posture of devices and resources; strictly and dynamically enforce policy before granting access; and monitor all network activity and act on what is learned. The architecture is designed to minimize uncertainty in enforcing accurate, least-privilege, per-request access decisions in information systems and services when the network itself is treated as compromised. Organizations are adopting this approach because it makes them more secure while improving productivity and network performance. It also shrinks the attack surface by replacing publicly visible gateways with invisible Zero Trust proxies, prevents lateral movement, simplifies granular control, unifies all users and resources, reduces network costs, improves network performance, and improves the user experience. The US government is adopting this approach as part of its efforts to improve cybersecurity in federal agencies.