§ 02b · Federal standards
Aligned to federal standards
This is not a proprietary method.
It is a federal standard.
This project implements the architecture the U.S. federal government has formally adopted for federal agencies and critical infrastructure.
| Source Document | Authority | What Is Implemented |
|---|---|---|
| NIST SP 800-207 — Zero Trust Architecture | NIST | The PEP/PIP/PDP reference model. Every access decision flows through these three components in the order the standard defines. |
| NIST SP 800-207A — ZTA for Cloud-Native Apps | NIST | Multi-tier policy enforcement at the application boundary, not the network perimeter. |
| CISA Zero Trust Maturity Model v2.0 | DHS/CISA | Maturity across five pillars: Identity, Devices, Networks, Applications & Workloads, and Data. |
| DoD Zero Trust Reference Architecture v2.0 | DoD | "Never trust, always verify" enforcement at every transaction; explicit decision logging. |
| NIST SP 800-162 — ABAC | NIST | The ABAC policy format used by the Policy Decision Point (subject + action + resource + environment). |
| NIST SP 800-63-3 — Digital Identity Guidelines | NIST | Identity assurance and authenticator binding. |