ZERO-TRUST-ARCHITECTURE
NIST never trust, always verify.
Definition
ZTA controls access via policy enforcement point (PEP) and policy decision point (PDP). Components: identity (OAuth, OIDC), device posture, context (location, time), risk score, micro-perimeter segmentation. Adopted by US Executive Order 14028 (2021).
Origin
Forrester concept 2010 by John Kindervag ; standardised NIST SP 800-207 August 2020.
Example in context
A cloud EDI applies ZTA — each API call requires OIDC token + MFA + device posture check, never IP allow-listing alone.
Related terms
- NIST CSF v2 — parent framework.