The core principle of a Zero Trust Architecture is simple: "Only the necessary people, to the necessary resources, at the necessary time." To achieve this, there are three primary components at play.

1. Policy Decision Point (PDP)

• Policy Engine (PE): Makes the final decision by determining if it should "permit" or "deny" access.

• Policy Administrator (PA): Initiates or blocks the session based on PE's decision.

2. Policy Enforcement Point (PEP)

• Acts as a "security gateway" that actually allows or denies access requests. PEP functions as client software or a network gateway.

3. Policy Information Point (PIP)

• Provides data that can be used as input for the policy engine or policy rules (data for trust assessments).

  • User ID and authentication status (ID Management System)

  • Network and System Activity Logs

  • Threat Intelligence

  • Industry Compliance

  • Data Access Policies

  • Security Information and Event Management (SIEM) systems

In simple terms, PDP is the referee, PEP is the gatekeeper, and PIP is the provider of information. These three work together to thoroughly verify all access requests.