Abstract

Zero trust assumes that all points of trust will be questioned and mitigated, that the individual resources are protected, and that there is no reliance on the network for protection. This helps to limit threat mobility and contain damage. Rules for multifactor authentication and micro-segmentation are often cited as a Zero Trust Architecture (ZTA), but these so-called architectures lack guidelines for the major points of trust in the system. True zero trust is not achievable—only minimal trust can be achieved. Certain trust points are inevitable, such as certificate authorities, policy evaluation, and decision points. There are no metrics measuring whether or not zero trust objectives have been met. It is the goal of this paper to move toward a general metric of trust.
