In a ZTA, the logical combination of both the policy engine (PE) and policy administrator (PA) is called the policy decision point (PDP). The PE is the component that evaluates the policies and the contextual data collected from various sources and generates an access decision. The PA is the component that establishes or terminates the communication between a subject and a resource based on the access decision. The PDP communicates with the policy enforcement point (PEP), which enforces the access decision on the resource.
References =
Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2
Zero Trust Architecture Project - NIST Computer Security Resource Center, slide 9
What Is a Zero Trust Security Framework? | Votiro, section “The Policy Engine and Policy Administrator”
Chosen Answer:
This is a voting comment (?). You can switch to a simple comment. It is better to Upvote an existing comment if you don't have anything to add.
Submit