According to NIST Special Publication 800-207, Zero Trust Architecture, one of the fundamental components of such an architecture is the Policy Enforcement Point, where access from the untrusted zone to the trusted zone is controlled according to strictly defined rules. When the objective is to apply this architecture from an emitting workstation to a receiving workstation, the Policy Enforcement Point is necessarily split physically into several components: several Policy Enforcement Points in each of the workstations, and a Policy Enforcement Server that routes encrypted information to authenticated recipients.
Zero-Trust General Architecture
Another essential component in a zero-trust architecture is the Policy Decision Point, which has two sub-components: the Policy Engine, which makes the decision to grant access to users, and the Policy Administrator, which executes the decision via commands sent to the Policy Enforcement Point. In CyferAll’s version of zero-trust architecture, both of these sub-components are implemented in a security server called the Policy Decision Point. This server performs all initialisation processes for the onboarding of new users and grants authorisations at login.
As a result, the boundary between the trusted and untrusted zones runs through the Policy Decision Point and each of the users’ workstations. The purpose of CyferAll’s technology is to implement this expansion of the zero-trust model safely inside computers by redefining “end to end” encryption to run from information creation to information restitution.