Zero Trust
A security model that requires strict identity verification for every person and device attempting to access resources, regardless of whether they are inside or outside the network perimeter. Zero Trust operates on the principle of 'never trust, always verify' and assumes that breaches are inevitable. Key pillars include micro-segmentation, least privilege access, continuous verification, and real-time monitoring. The NIST SP 800-207 framework provides guidance for implementing Zero Trust architectures. This model has become a dominant security strategy and is increasingly tested in CISSP, Security+, and cloud security certifications.
Why It Matters
In practice, Zero Trust is critical because the traditional perimeter-based security model has become obsolete with remote work, cloud adoption, and mobile devices extending the network boundary. Organizations that fail to implement Zero Trust principles face lateral movement by attackers who breach the perimeter and move freely across flat internal networks. The SolarWinds supply chain attack demonstrated how implicit trust within networks enabled months of undetected espionage. Federal agencies are now mandated to adopt Zero Trust under Executive Order 14028. On certification exams such as CISSP, Security+, and CCSP, expect questions about Zero Trust architecture components, micro-segmentation strategies, continuous authentication versus session-based trust, and how Zero Trust differs from traditional perimeter defense models.
Related Access Control terms
Access Control List (ACL)
A list of permissions attached to an object that specifies which users or system processes are granted access to resources and what operations they can perform. ACLs are implemented in routers, firewalls, and operating systems to filter traffic and restrict file access. They can be standard (filtering by source IP only) or extended (filtering by source, destination, port, and protocol). In cybersecurity certifications like CISSP and Security+, understanding ACLs is essential for network security and access management domains.
Authentication
The process of verifying the identity of a user, device, or system before granting access to resources. Authentication typically relies on one or more factors: something you know (password), something you have (token or smart card), or something you are (biometric). Modern systems often combine multiple factors (MFA) to strengthen security. Common authentication protocols include Kerberos, LDAP, OAuth 2.0, and SAML. Authentication is a foundational concept tested across nearly every cybersecurity certification.
Authorization
The process of determining what resources or actions an authenticated user is permitted to access. While authentication verifies identity, authorization enforces permissions based on policies, roles, or attributes. Common models include discretionary access control (DAC), mandatory access control (MAC), role-based access control (RBAC), and attribute-based access control (ABAC). Authorization failures are a leading cause of data breaches, making this a critical topic in CISSP, Security+, and OWASP Top 10 studies.
Multi-Factor Authentication (MFA)
A security mechanism that requires two or more independent credentials to verify a user's identity, combining factors from different categories: knowledge (passwords, PINs), possession (hardware tokens, smartphones), and inherence (fingerprints, facial recognition). MFA significantly reduces the risk of account compromise — Microsoft reports it blocks over 99.9% of automated attacks. It is required by many compliance frameworks including PCI DSS, HIPAA, and NIST 800-63. MFA implementation is a key topic in Security+, CISSP, and cloud security certifications.
Single Sign-On (SSO)
An authentication scheme that allows a user to log in with a single set of credentials to access multiple applications and services without re-authenticating. SSO improves user experience and reduces password fatigue, but creates a single point of failure if the identity provider is compromised. Common SSO protocols include SAML 2.0, OAuth 2.0, and OpenID Connect. Enterprise SSO solutions often integrate with Active Directory or cloud identity providers like Okta and Azure AD. SSO is covered in CISSP Domain 5 (Identity and Access Management) and Security+.
Privilege Escalation
An attack where a user gains elevated access to resources that are normally protected, beyond what their assigned permissions allow. Vertical escalation involves gaining higher-level privileges (e.g., from user to admin), while horizontal escalation means accessing another user's resources at the same privilege level. Common techniques include exploiting misconfigurations, kernel vulnerabilities, weak file permissions, or unpatched software. Privilege escalation is a critical phase in penetration testing and is heavily tested in CEH, OSCP, and PenTest+ certifications.