Changes

Line 11: Line 11:     
==Zero Trust Architecture==  
 
==Zero Trust Architecture==  
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.  
+
Zero Trust Architecture (ZTA) uses zero trust principles to guide industrial and enterprise infrastructure and workflow. Authentication and authorization are discrete functions performed before a session to an enterprise resource is established.<ref>[https://csrc.nist.gov/publications/detail/sp/800-207/final SP 800-27, NIST]</ref>
 +
===Components===
 +
The following components do not make a system trusted; they work together to eliminate trust:<ref>[https://www.paloaltonetworks.com/cyberpedia/what-is-a-zero-trust-architecture What is a Zero Trust Architecture, Palo Alto Networks]</ref>
 +
* Protect Surfaces generally includes the most important data, assets, applications, and services (DAAS) in an organization;
 +
* Attack Surfaces;
 +
* A microperimeter goes anywhere the protect surface goes;
 +
* A segmentation gateway, aka a next-generation firewall, allows traffic or legitimate applications to access the protect surface;
 +
* The Kipling Method defines a zero trust policy based on who, what, when, where, why, and how; and
 +
* A Zero Trust policy determines who can cross the microperimeter, stops access to protect surfaces by unauthorized users, and prevents sensitive data exfiltration.
    
==References==
 
==References==
    
[[Category:Cybersecurity]]
 
[[Category:Cybersecurity]]
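Review bot: The added reference on the opening paragraph is labelled "SP 800-27, NIST", but its URL points to sp/800-207, so the label should read "SP 800-207, NIST" to match the publication being cited. In the added Components list, "* Attack Surfaces;" is the only bullet with no description. Either give it a one-clause definition like the others or drop it. The first bullet also pairs the plural "Protect Surfaces" with "includes", and "Protect Surfaces" and "Attack Surfaces" are capitalized here while later bullets write "protect surface" in lower case. Pick one form and use it throughout the list.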