Scenario: As a ZTA security administrator, you aim to enforce the principle of least privilege for private cloud network access. Which ZTA policy entity is mainly responsible for crafting and maintaining these policies?
What is one benefit of the protect surface in a ZTA for an organization implementing controls?
Which component in a ZTA is responsible for deciding whether to grant access to a resource?
The policy engine (PE) is the ZTA component responsible for deciding whether to grant access to a resource. The PE evaluates the policies together with contextual data collected from various sources, such as user identity, device posture, network location, resource attributes, and environmental factors, and then produces an access decision. The PE communicates that decision to the policy enforcement point (PEP), which enforces it on the resource.
Reference:
Certificate of Competence in Zero Trust (CCZT) prepkit, page 14, section 2.2.2
What Is Zero Trust Architecture (ZTA)? - F5, section "Policy Engine"
What is Zero Trust Architecture (ZTA)? | NextLabs, section "Core Components"
[SP 800-207, Zero Trust Architecture], page 11, section 3.3.1
Which activity of the ZT implementation preparation phase ensures the resiliency of the organization's operations in the event of disruption?
Business continuity and disaster recovery are the activities of the ZT implementation preparation phase that ensure the resiliency of the organization's operations in the event of disruption. Business continuity is the process of maintaining or restoring the organization's essential functions during and after a crisis, such as a natural disaster, a cyberattack, or a pandemic. Disaster recovery is the process of recovering the IT systems, data, and infrastructure that support business continuity. ZT implementation requires planning and testing the business continuity and disaster recovery strategies and procedures, and aligning them with the ZT policies and controls.
Reference:
Zero Trust Planning - Cloud Security Alliance, section "Monitor & Measure"
Zero Trust Implementation, section "Outline Zero Trust Architecture (ZTA) implementation steps"
How can ZTA planning improve the developer experience?
ZTA planning can improve the developer experience by streamlining access provisioning to deployment environments. Developers can then access the resources and services they need to deploy their applications quickly and securely, without going through complex, manual processes. ZTA planning can also help automate and orchestrate access provisioning using dynamic, granular policies based on the context and attributes of the developers, their devices, and their applications.