Technical reference

NIST SP 800-207 — Zero Trust Architecture

The seven NIST Zero Trust tenets — and exactly how Okta's identity platform addresses each one.

Assess my maturity
01

All data sources and computing services are considered resources

Every device, service, and data store is a resource that must be protected — regardless of location.

OktaUniversal Directory catalogs every resource. Okta SSO governs access to all of them.
02

All communication is secured regardless of network location

Network location confers no trust. All sessions must be authenticated and encrypted end-to-end.

OktaOkta enforces MFA and session policies for all apps, regardless of network source.
03

Access to individual resources is granted on a per-session basis

Access is not persistent. Each session is evaluated independently based on current context.

OktaOkta FastPass and continuous session evaluation re-authenticate at every access event.
04

Access is determined by dynamic policy

Policy evaluates identity, device health, behavioral signals, and environmental context in real time.

OktaOkta Adaptive MFA and risk-based policies dynamically respond to context signals.
05

The enterprise monitors and measures the integrity of all assets

Device and workload integrity is continuously monitored and factored into access decisions.

OktaOkta Device Trust integrates with MDM/EDR for real-time posture enforcement.
06

All authentication and authorization is dynamic and strictly enforced

Static credentials and long-lived sessions are eliminated. Least-privilege is enforced at every step.

OktaOkta Identity Governance enforces fine-grained RBAC and ABAC with automated reviews.
07

The enterprise collects as much information as possible to improve security posture

Telemetry from every access event feeds continuous learning and posture improvement.

OktaOkta System Log and ThreatInsight aggregate signals across the entire identity fabric.

Map your architecture to NIST ZTA

Book a 30-minute session to walk through your current state against all seven tenets.