Term · 27. Emerging Categories 2024-2026
Zero Standing Privilege ZSP
Definition
Operating model where no human identity holds permanent administrative privileges. All elevated access is granted Just-In-Time (JIT) with approval and time-bound expiry. Combined with Just Enough Administration (JEA), achieves the principle of least privilege at the temporal dimension. Coined by Gartner; central to modern PAM and Zero Trust architectures.
- Application
- Regulatory: Gartner Magic Quadrant / Hype Cycle · KuppingerCole Leadership Compass · NIST SP 800-63 (Digital Identity Guidelines)
- Standards & regulations
-
- Gartner
- KC
- NIST
- Sources
-
- Gartner — Zero Standing Privilege (ZSP) framework primary source
Related terms
-
Just-In-Time (JIT) Access (JIT)
Authorization model granting elevated privileges only when needed and for a limited time window, after approval. Replace …
-
Privileged Account Monitoring
Continuous oversight of privileged account activity — login events, command execution, session metadata, configuration c …
-
Bastion Host
Hardened gateway server providing controlled access to internal systems — users connect to bastion, then jump to target …
-
CMMC (Cybersecurity Maturity Model Certification) (CMMC)
US Department of Defense framework certifying cybersecurity practices of Defense Industrial Base (DIB) contractors handl …
-
Continuous Adaptive Trust
Authentication and authorization paradigm where trust is recomputed continuously throughout a session based on real-time …
-
Non-Human Identity (NHI)
Identities for service accounts, API keys, OAuth client secrets, machine certificates, workload identities (AWS IAM role …