An architectural posture in which no network position, device, or identity is implicitly trusted, and every access decision is authenticated, authorised, and continuously evaluated against the current state of the requester and the requested resource. Zero trust is not a product, a vendor stack, or a single protocol; it is a property of a system that emerges from the consistent application of identity-driven controls across the full request path. The federation treats zero-trust posture as evidence of mature SecOps and requires architectural documentation rather than vendor invoices.
Term coined by John Kindervag at Forrester in 2010; subsequently formalised in NIST Special Publication 800-207 in 2020.
Federation members claiming zero-trust posture must submit an architecture document tracing each access decision through identity, device, and contextual signals. Vendor branding alone is not accepted as evidence under TGS-002:1.7.
@misc{ifo4_glossary_zero_trust,
title = {{Zero Trust}},
author = {{IFO4 Federation Editorial Board}},
howpublished = {{IFO4 Federation Glossary, slug \texttt{zero-trust}}},
year = {2026},
url = {https://ifo4.org/glossary/zero-trust},
note = {Category: SecOps; key: ZeroTrust}
}
Federation members and accredited practitioners may challenge any entry under TGS-002:1.7. Filed challenges are routed to the editorial board, triaged into the revision register, and resolved in writing on the public docket. The slug remains stable through any revision.