Zero Trust Philosophy Versus Architecture

Abstract

Zero trust assumes that every point of trust will be questioned and mitigated, that individual resources are protected, and that there is no reliance on the network for protection. This is done to limit threat mobility and contain damage. The presentation of rules for multifactor authentication and micro-segmentation is often cited as a Zero Trust Architecture (ZTA), but these so-called architectures lack a plan for the major points of trust in the system. Zero trust is not achievable; only minimal trust can be cultivated. Certain trust points are inevitable, such as certificate authorities, policy evaluation and decision points, and others. The more general Zero Trust Philosophy (ZTP) covers not only those architectural issues but also the philosophical ones. The ZTP allows the network architect to examine each trust point and make a decision about its verification and validation.

Document Details

Document Type
Technical Report
Publication Date
Nov 01, 2021
Accession Number
AD1204909

Entities

People

  • Simpson R. William

Organizations

  • Institute for Defense Analyses

Tags

DTIC Thesaurus Topics

  • Authentication
  • Computer Access Control
  • Computer Network Security
  • Computer Networks
  • Computer Science
  • Computing System Architectures
  • Cryptography
  • Cyber Warfare
  • Department Of Defense
  • Information Systems
  • Multi-Factor Authentication
  • Network Architecture
  • Philosophy
  • Security
  • Standards
  • Validation
  • Verification

Fields of Study

  • Computer science

Readers

  • Cybersecurity
  • Systems Analysis and Design