CIAM.wiki


Zero Trust

Zero trust is a security model that treats no user, device, or network as inherently trusted, requiring every request to be authenticated, authorized, and continuously evaluated based on identity and context.

Also: zero trust, zero trust architecture

Zero trust replaces the old idea of a trusted internal network with a simple rule: never trust, always verify. Every request to a resource is authenticated and authorized on its own merits, using the identity of the user and device plus context such as location and risk, rather than being trusted because it came from inside a network boundary.

Identity is the foundation of zero trust, since access decisions hinge on who is asking and under what conditions. That is why strong authentication, fine-grained authorization, and continuous risk evaluation are core to it.

While zero trust is usually framed for workforce and infrastructure security, the same principles shape CIAM: authenticate strongly, authorize narrowly, and re-evaluate risk continuously rather than granting broad standing trust after a single login.
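To make the contrast concrete, here is an added example (not from CIAM.wiki) of a per-request policy decision: a perimeter-style check that trusts anything inside the network beside a zero trust check that decides each request from identity, device posture, MFA freshness and a risk score. The signal names, the 15-minute MFA window and the risk scale are assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# Assumed threshold; a real deployment takes such values from its policy.
MFA_MAX_AGE = timedelta(minutes=15)

@dataclass
class AccessRequest:
    user_id: Optional[str]      # None means no verified identity
    mfa_at: Optional[datetime]  # when this session last passed MFA
    device_managed: bool        # device posture, e.g. from device inventory
    inside_network: bool        # source address is on the internal network
    risk_score: int             # 0 (low) .. 3 (high) from a risk engine (assumed)
    action: str                 # "read" or "write"

def perimeter_decision(req: AccessRequest) -> str:
    """Old model: being inside the network boundary is enough to be trusted."""
    return "allow" if req.inside_network or req.user_id else "deny"

def zero_trust_decision(req: AccessRequest, now: datetime) -> str:
    """Decide one request on its own merits; inside_network is never consulted.
    Returns "allow", "deny" or "step_up" (re-verify before proceeding)."""
    if req.user_id is None:
        return "deny"          # no verified identity, no access
    if req.risk_score >= 3:
        return "deny"          # high-risk context is refused outright
    fresh_mfa = req.mfa_at is not None and now - req.mfa_at <= MFA_MAX_AGE
    if req.action == "write" and not req.device_managed:
        return "deny"          # narrow authorization: writes need a managed device
    if req.action == "write" and not fresh_mfa:
        return "step_up"       # a past login is not standing trust for writes
    if req.risk_score >= 2 and not fresh_mfa:
        return "step_up"       # elevated risk re-triggers verification
    return "allow"

def sample_decisions() -> dict:
    """Constructed scenario: one session, requests 1 and 40 minutes after MFA,
    plus an unauthenticated request arriving from inside the network."""
    t0 = datetime(2024, 1, 1, 9, 0, tzinfo=timezone.utc)
    first = AccessRequest("alice", t0, True, True, 0, "write")
    later = AccessRequest("alice", t0, True, True, 2, "read")
    anon = AccessRequest(None, None, False, True, 0, "read")
    return {
        "perimeter_first": perimeter_decision(first),
        "zt_first": zero_trust_decision(first, t0 + timedelta(minutes=1)),
        "perimeter_later": perimeter_decision(later),
        "zt_later": zero_trust_decision(later, t0 + timedelta(minutes=40)),
        "perimeter_anon": perimeter_decision(anon),
        "zt_anon": zero_trust_decision(anon, t0),
    }
```

The perimeter model allows all three requests; the zero trust model allows the fresh, low-risk write, demands step-up when the same session's context changes, and denies the request that carries no identity at all.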
