Zero Trust Architecture

ZTA

An enterprise cybersecurity architecture that assumes no implicit trust—continuously verifies users, devices, and contexts, and authorizes per‑request access to resources.

#architecture#identity#nist

Last updated: 2025-08-22T00:00:00.000Z

Differences across sources

Parallel sources use distinct terminology or emphasize different aspects. Review each citation to understand scope and normative intent.

Evidence

NIST NIST SP 800-207: Zero Trust Architecture (2020-08) Normative evidence

Zero trust assumes that no implicit trust is granted to assets or user accounts based solely on their physical or network location.

csrc.nist.gov
OTHER CISA Zero Trust Maturity Model v2.0 (2023-04) Informative evidence

Guidance for agencies to progress across identity, devices, networks, applications and workloads, and data pillars in a zero trust journey.

www.cisa.gov

Mappings

CISSP Domain 3 CISSP Domain 5

Examples

Per‑request authorization

Every API call is authenticated and authorized with strong signals (user, device posture, risk), without relying on a “trusted network” boundary.

More context

Common tenets: explicit verification, least‑privilege access, assume breach, continuous monitoring, and strong identity and device health signals feeding policy decisions.

See also