Continuous Adaptive Risk and Trust Assessment (CARTA)
Definition
A Gartner framework introduced in 2017: a security posture that continuously evaluates risk and adjusts trust assertions throughout each session, rather than at a single authentication moment. It replaces «authenticate then trust» with «authenticate, continuously monitor, dynamically adjust trust». It is a foundational concept underlying Zero Trust Architecture and modern adaptive authentication.
Synonyms
- CARTA framework
- Continuous Adaptive Trust
Application
- Regulatory: Gartner Magic Quadrant / Hype Cycle · NIST SP 800-63 (Digital Identity Guidelines)
Standards & regulations
- Gartner
- NIST
Sources
- Gartner CARTA framework press release (2017), primary source
Related terms
- Availability
  Availability — property of being accessible and usable on demand by an authorized entity. One of the three core informat …
- BeyondCorp
  Google's enterprise Zero Trust security model published in 2014, eliminating the concept of a trusted internal network. …
- CMMC (Cybersecurity Maturity Model Certification) (CMMC)
  US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
- FedRAMP (Federal Risk and Authorization Management Program) (FedRAMP)
  US government program standardising security assessment and authorization of cloud services used by federal agencies. Th …
- Forrester Zero Trust (originator framework) (ZTX)
  Originated by Forrester analyst John Kindervag in 2010 as «No more chewy centers — abolish the trusted network», Zero Tr …
- Continuous Adaptive Trust
  Authentication and authorization paradigm where trust is recomputed continuously throughout a session based on real-time …