Zero Trust (ZT)
Zero Trust is a security architecture that eliminates implicit trust based on network location — 'never trust, always verify' applied to every access request. Identity is the central control plane, microsegmentation enforces fine-grained access, and telemetry feeds continuous evaluation. NIST SP 800-207 (2020) is the authoritative reference; mature IGA and PAM are prerequisites, not add-ons.
Definition
A security architecture that eliminates implicit trust based on network location — «never trust, always verify» applied to every access request. Identity is the central control plane; microsegmentation enforces fine-grained access; telemetry feeds continuous evaluation. NIST SP 800-207 (2020) is the authoritative reference.
Application
- MidPoint: "Zero trust" is an approach to cybersecurity based on the concept of "never trust, always verify".
Big4 framing:
• Deloitte — Zero Trust Architecture — phased journey roadmap (people-process-tech)
• EY — Cyber Defense Reinvented — Zero Trust integration with SOC operations
• KPMG — Adaptive Trust — identity-centric Zero Trust framework
• PwC — Trust by Design — Zero Trust as evolution of perimeter-based security
Sources
- NIST SP 800-207, Zero Trust Architecture (primary source)
Related terms
- Forrester Zero Trust (originator framework) (ZTX)
  Originated by Forrester analyst John Kindervag in 2010 as «No more chewy centers — abolish the trusted network», Zero Tr …
- Kerberos
  Network authentication protocol developed at MIT (Kerberos v5: IETF RFC 4120, 2005) using symmetric-key cryptography and …
- Public Key Infrastructure (PKI)
  Public Key Infrastructure (PKI) — distributed system of services, components, and policies supporting cryptographic oper …
- Access Object
  Access Object — a unit of an information resource for which access is regulated by access control rules. May be a file, …
- Access Subject
  Access Subject — a person or process whose actions are regulated by access control rules to information system objects. …
- Availability
  Availability — property of being accessible and usable on demand by an authorized entity. One of the three core informat …
Frequently asked questions
What is Zero Trust?
Zero Trust is a security model that removes implicit trust from the network — every request is authenticated, authorized and continuously verified regardless of origin. Identity becomes the primary control plane. NIST SP 800-207 (2020) is the reference architecture.
Is Zero Trust a product you can buy?
No. Zero Trust is an architecture and operating principle, not a single product. Vendors sell components — identity, microsegmentation, device posture, policy engines — but you assemble and operate the model. Treat any 'Zero Trust product' claim with caution.
How does Zero Trust relate to IAM and IGA?
Identity is the foundation of Zero Trust — you cannot verify what you cannot identify. Strong authentication (MFA), least privilege, continuous access evaluation and clean entitlements governed by IGA and PAM are prerequisites. Network controls layer on top of a solid identity program, not instead of it.