Technical reference

NIST SP 800-207 — Zero Trust Architecture

The seven NIST Zero Trust tenets — and exactly how Okta's identity platform addresses each one.

Every device, service, and data store is a resource that must be protected — regardless of location.

OktaUniversal Directory catalogs every resource. Okta SSO governs access to all of them.

Network location confers no trust. All sessions must be authenticated and encrypted end-to-end.

OktaOkta enforces MFA and session policies for all apps, regardless of network source.

Access is not persistent. Each session is evaluated independently based on current context.

OktaOkta FastPass and continuous session evaluation re-authenticate at every access event.

Policy evaluates identity, device health, behavioral signals, and environmental context in real time.

OktaOkta Adaptive MFA and risk-based policies dynamically respond to context signals.

Device and workload integrity is continuously monitored and factored into access decisions.

OktaOkta Device Trust integrates with MDM/EDR for real-time posture enforcement.

Static credentials and long-lived sessions are eliminated. Least-privilege is enforced at every step.

OktaOkta Identity Governance enforces fine-grained RBAC and ABAC with automated reviews.

Telemetry from every access event feeds continuous learning and posture improvement.

OktaOkta System Log and ThreatInsight aggregate signals across the entire identity fabric.

Map your architecture to NIST ZTA

Book a 30-minute session to walk through your current state against all seven tenets.