Chapter 11. Zero Trust Architecture Standards, Frameworks, and Guidelines

Stephen Paul Marsh originally coined the term “zero trust” in his April 1994 Ph.D. dissertation on computer security, where he mathematically defined trust and also claimed that the idea of trust transcends a variety of human traits like morality, ethics, etc. However, it was not until the Forrester report published in November 2010 that the term zero trust was defined and articulated within the context of the zero trust security paradigm that we are familiar with today. Since the publication of that report, a lot has changed in the digital world: we’ve seen widespread adoption of cloud computing, a massive shift toward digitization accelerated by a surge in remote work during and after the COVID-19 pandemic, and the ubiquitous presence of mobile phones and social media in our daily lives. Also, artificial intelligence has evolved from a distant promise to a reality and has become an enormous disruptor to both businesses and individuals.

As a result of technological advances, we are becoming more interconnected, which has many advantages such as improved communications and quicker access to resources, but it has the unintended security consequence of increasing the attack surface area for malicious actors to exploit. This is evident from the FBI Internet Crime Report, which shows that security and data-related crimes in 2022 caused losses in excess of 10 billion USD in the United States alone. As a result, ...