==Zero Trust Architecture==
Zero Trust Architecture (ZTA) uses zero trust principles to plan industrial and enterprise infrastructure and workflows. Authentication and authorization (of both the subject and the device) are discrete functions performed before a session to an enterprise resource is established.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-207, NIST]</ref>
===Components===
The following components do not make a system trusted; they work together to remove implicit trust from it:<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
* A protect surface, the small set of the organization's most critical data, assets, applications and services (DAAS) that the policy is built around;
* The attack surface, the far larger set of exposed points an attacker can probe; zero trust concentrates controls on the protect surface rather than trying to cover the whole attack surface;
* A microperimeter that moves with the protect surface wherever it goes;
* A segmentation gateway, typically a next-generation firewall, that admits only known, legitimate traffic and applications to the protect surface;
* The Kipling Method, which defines a zero trust policy in terms of who, what, when, where, why and how; and
* A zero trust policy that determines which subjects may cross the microperimeter, blocks access to the protect surface by unauthorized users, and prevents exfiltration of sensitive data.
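
As an added example (not from the page, NIST SP 800-207 or Palo Alto Networks), the following Python sketches the decision a segmentation gateway makes at the microperimeter: authentication is checked first as a separate step, the request is then matched against Kipling-method rules (who, what, when, where, why, how) scoped to one protect surface, and anything that does not match an explicit rule is denied. The rule fields, the sample policy and the sample requests are assumptions made for the illustration.

```python
# Added example: a default-deny policy decision for one protect surface,
# expressed with the Kipling method. Not code from the page, NIST or Palo Alto;
# rule schema, sample policy and sample requests are assumptions.
from dataclasses import dataclass
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class AccessRequest:
    """One request to cross the microperimeter, described with the Kipling method."""
    who: str               # subject identity as asserted by the identity provider
    what: str              # application or process making the request
    when: datetime         # request time, timezone-aware
    where: str             # source IP address
    why: str               # declared purpose, e.g. a change-ticket or task tag
    how: str               # protocol or method, e.g. "https", "ssh"
    authenticated: bool    # identity proven; authentication happens first and separately
    mfa: bool              # multi-factor authentication was used
    device_attested: bool  # device posture/attestation check passed


@dataclass(frozen=True)
class Rule:
    """An allow rule: all six Kipling dimensions must match for it to apply."""
    name: str
    who: frozenset
    what: frozenset
    where: tuple           # ip_network objects the source address may belong to
    why: frozenset
    how: frozenset
    when_utc_hours: tuple  # (start, end) allowed UTC hour window, end exclusive
    require_mfa: bool = True
    require_attested_device: bool = True


@dataclass(frozen=True)
class Decision:
    allowed: bool
    rule: Optional[str]
    reason: str


def _kipling_match(rule, req):
    """True only if who, what, when, where, why and how all match the rule."""
    hour = req.when.astimezone(timezone.utc).hour
    start, end = rule.when_utc_hours
    src = ip_address(req.where)
    return (req.who in rule.who and req.what in rule.what
            and start <= hour < end
            and any(src in net for net in rule.where)
            and req.why in rule.why and req.how in rule.how)


def decide(surface, policy, req):
    """Default-deny decision for one request against one protect surface.

    Authentication is checked before any rule is consulted. The first rule whose
    Kipling dimensions all match decides; an unmet MFA or device requirement on
    that rule denies instead of falling through to a looser rule.
    """
    if not req.authenticated:
        return Decision(False, None, "subject not authenticated")
    rules = policy.get(surface)
    if rules is None:
        return Decision(False, None, f"no policy for protect surface {surface!r}")
    for rule in rules:
        if not _kipling_match(rule, req):
            continue
        if rule.require_mfa and not req.mfa:
            return Decision(False, rule.name, "MFA required by matching rule")
        if rule.require_attested_device and not req.device_attested:
            return Decision(False, rule.name, "device attestation required by matching rule")
        return Decision(True, rule.name, "all Kipling dimensions matched")
    return Decision(False, None, "no rule matched (default deny)")


# Constructed sample policy (an assumption, not a real deployment): one protect
# surface, one allow rule built with the Kipling method.
POLICY = {
    "payroll-db": [Rule(name="hr-payroll-run",
                        who=frozenset({"alice@corp.example"}),
                        what=frozenset({"hr-portal"}),
                        where=(ip_network("10.20.0.0/16"),),
                        why=frozenset({"payroll-run"}),
                        how=frozenset({"https"}),
                        when_utc_hours=(8, 18))]
}


def sample_request(hour=10, **overrides):
    """Constructed request that satisfies the sample rule unless overridden."""
    fields = dict(who="alice@corp.example", what="hr-portal",
                  when=datetime(2024, 3, 4, hour, 30, tzinfo=timezone.utc),
                  where="10.20.4.7", why="payroll-run", how="https",
                  authenticated=True, mfa=True, device_attested=True)
    fields.update(overrides)
    return AccessRequest(**fields)


if __name__ == "__main__":
    for label, req in [("in-policy", sample_request()),
                       ("wrong who", sample_request(who="bob@corp.example")),
                       ("off-network", sample_request(where="203.0.113.5")),
                       ("no MFA", sample_request(mfa=False))]:
        print(label, decide("payroll-db", POLICY, req))
```

The design choice worth noting is that a matching rule with an unmet MFA or device requirement produces an explicit deny rather than being skipped: skipping it would let a looser rule further down silently grant what the stricter rule withheld. Every path that is not an explicit match ends in a deny, which is what "eliminating trust" means at the microperimeter.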
==References==

[[Category:Cybersecurity]]