Zero Trust: Risks and Research Opportunities

Abstract

Zero trust (ZT) is a cybersecurity paradigm that focuses on resource protection and the premise that trust is never granted implicitly but must be continually evaluated. It encompasses a collection of concepts and ideas designed to enforce least-privilege resource access to systems and services. To understand what areas of ZT research could be beneficial for the Software Engineering Institute (SEI) to pursue, we developed a notional U.S. government agency. We used this agency to develop an operational vignette to help understand the nodes and actors that would interact with the agency in a hybrid cloud ZT environment.

Open PDF

Document Details

Document Type
Technical Report
Publication Date
Mar 01, 2021
Accession Number
AD1126931

Entities

People

  • Geoffrey Sanders
  • Tim Morrow

Organizations

  • Carnegie Mellon University

Tags

DTIC Thesaurus Topics

  • Communities
  • Computer Programming
  • Cybersecurity
  • Engineering
  • Engineers
  • Environment
  • Governments
  • Guarantees
  • Identities
  • Lessons Learned
  • Materials
  • Measurement
  • Risk
  • Situational Awareness
  • Software Development
  • Standards
  • Systems Engineering
  • Technical Debt
  • Telemetry
  • Web Applications

Fields of Study

  • Computer science

Readers

  • Cybersecurity.
  • Systems Analysis and Design

Technology Areas

  • Cyber