Zero Trust Architecture: Risk Discussion

Abstract

Implemented well, Zero Trust Architecture (ZTA) promises to mitigate cyber risk for organizations of all sizes, risk postures, and cybersecurity maturity states. However, ZTA development, deployment, and operation present challenges that may hinder full adoption and sustained effectiveness and create new risk. Cyber risk should be evaluated by organizations as they make their decision for or against ZTA. Then, as organizations work toward full ZTA adoption and deployment that meets the criteria of maturity for the CISA Zero Trust Maturity Model, they should be aware of the risk that may not be solved by incremental steps. Finally, organizations should be prepared to address residual risk that may not be solved by their ZTA deployment, as well as new risk that may develop as they operate it. Guidance is available to support an organization's choice of ZTA and control the risk that may result from that decision.

Document Details

Document Type
Technical Report
Publication Date
Feb 25, 2022
Accession Number
AD1161224

Entities

People

  • Alan Levine
  • Brett Tucker

Organizations

  • Carnegie Mellon University

Tags

Communities of Interest

  • Cyber

DTIC Thesaurus Topics

  • Appetite
  • Business Administration
  • Computer Access Control
  • Computer Vision
  • Cyber Defense Techniques
  • Cybersecurity
  • Deployment
  • Engineering
  • Governments
  • Guarantees
  • Homeland Security
  • Information Security
  • Intrusion Detection
  • Materials
  • Risk
  • Risk Analysis
  • Risk Management
  • Security
  • Software Development
  • Supply Chain
  • Universities

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Maritime Combat Support and Expeditionary Logistics
  • Software Engineering

Technology Areas

  • Cyber