CIAM.wiki


Continuous Adaptive Trust (CARTA)

Continuous adaptive trust is the principle that access decisions should be re-evaluated continuously from current risk signals rather than settled once at login, raising or lowering friction as context changes.

Also: CARTA, Continuous Adaptive Risk and Trust Assessment, Continuous Adaptive Trust

Continuous adaptive trust holds that a single login is too weak a basis to trust a session indefinitely. Instead of deciding once at the door and never revisiting it, the system keeps assessing risk from live signals and adjusts what it allows as the picture changes. The idea was popularized as CARTA (continuous adaptive risk and trust assessment) and shares its DNA with zero trust.

The assessment weighs both affirmative signals that confirm the legitimate user, such as a known device or normal location, and negative signals that suggest risk, such as a new device, impossible travel, or anomalous behavior, along with the sensitivity of the action being attempted. The result is a continuously updated risk posture rather than a one-time pass or fail.

In CIAM, continuous adaptive trust is the principle behind adaptive authentication and step-up. It keeps everyday access frictionless while reserving challenges for the moments risk or value justifies them, which is how a platform protects against account takeover and new-account fraud without taxing every honest customer.
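
The per-request re-evaluation described above, as an added example that is not from the original page: every request in a session is re-scored from device, location and action sensitivity, and the score maps to allow, step-up or deny. The signal weights, thresholds, action names and the 900 km/h travel limit are assumptions chosen for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass
from math import asin, cos, radians, sin, sqrt

# All weights, thresholds and action names below are illustrative assumptions.
SENSITIVITY = {"view_catalog": 0, "view_orders": 10, "change_email": 40, "payout": 70}
MAX_KMH = 900                      # faster than this between two requests = impossible travel
STEP_UP_AT, DENY_AT = 50, 100

@dataclass
class Request:
    ts: float                      # seconds since epoch
    device_id: str
    lat: float
    lon: float
    action: str

def km_between(a: Request, b: Request) -> float:
    """Great-circle (haversine) distance between two request locations."""
    dlat, dlon = radians(b.lat - a.lat), radians(b.lon - a.lon)
    h = sin(dlat / 2) ** 2 + cos(radians(a.lat)) * cos(radians(b.lat)) * sin(dlon / 2) ** 2
    return 2 * 6371 * asin(sqrt(h))

class Session:
    def __init__(self, known_devices: set[str]):
        self.known_devices = known_devices
        self.last: Request | None = None   # last request that was allowed

    def evaluate(self, req: Request) -> tuple[str, int]:
        """Re-score risk on every request; returns (decision, score)."""
        score = SENSITIVITY.get(req.action, 25)   # unlisted actions count as mid-risk
        if req.device_id in self.known_devices:
            score -= 20                           # affirmative signal: known device
        else:
            score += 30                           # negative signal: new device
        if self.last is not None:
            hours = max(req.ts - self.last.ts, 1) / 3600
            if km_between(self.last, req) / hours > MAX_KMH:
                score += 70                       # negative signal: impossible travel
        score = max(score, 0)
        decision = "deny" if score >= DENY_AT else "step_up" if score >= STEP_UP_AT else "allow"
        if decision == "allow":
            self.last = req        # only allowed requests move the location baseline
        return decision, score

if __name__ == "__main__":  # constructed requests: same device, Berlin then Sydney 10 min later
    s = Session({"dev-A"})
    print(s.evaluate(Request(0, "dev-A", 52.52, 13.405, "view_catalog")))
    print(s.evaluate(Request(600, "dev-A", -33.87, 151.21, "view_catalog")))
```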
