---
title: NIST Zero Trust Architecture model

config:
  look: default
  displayMode: full
---
flowchart TB

%% Logical components of the NIST SP 800-207 Zero Trust Architecture rendered as a Mermaid flowchart.
%% Declaration order of nodes and edges influences the auto-layout, so the statements below are
%% kept in their original order and only annotated.
%% Node ids: pe and pa form the policy decision point (control plane), pep is the single
%% data-plane enforcement component, pip_* are the information sources consulted by the engine.

classDef default fill:#f7f7f8,color:#0f172a,stroke:#1f2933;
%% "default" is the fallback style for any node without an explicit class assignment further down.
%% Every node declared here is assigned a class, so it currently only matters for future additions.

subgraph "Zero Trust architecture"
  %% Control plane: decision components only. No edge carries subject traffic into pe or pa;
  %% the agent's only edge goes to the PEP (see the edge list at the bottom).
  subgraph "Control plane"
    subgraph "Policy decision point (PDP)"
      %% PE produces the access decision; PA relays it to the PEP and issues commands to it.
      pe["Policy engine (PE)"]
      pa["Policy administrator (PA)"]
    end
  end
  %% Data plane: in this diagram the PEP is the only node on the path between the subject and the
  %% resource, i.e. the single point where a policy decision is actually enforced.
  subgraph "Data plane"
    pep["Policy enforcement point (PEP)"]
  end
  %% Policy information points: each has an edge into pe below, except pip_logs, which only
  %% receives the PEP's activity log. A feedback edge from logs into the PE or SIEM is not drawn.
  subgraph "Policy information points (PIP)"
    pip_cdm["CDM system"]
    pip_ti["Threat intelligence"]
    pip_logs["Activity logs"]
    pip_iam["ID management / PKI"]
    pip_siem["SIEM / Analytics"]
    pip_edr["EDR / EPP"]
  end
  %% Everything outside the PDP and PEP. The user node has no edge of its own; the only
  %% subject-side edge is agent -> pep, so the user-to-agent relationship is conveyed by nesting only.
  subgraph "External ecosystem"
    subgraph "Subject"
      user["User / Identity"]
      subgraph "Device / Endpoint"
        agent["Agent / Client"]
      end
    end
    %% The resource is reachable only through pep -> resource; no other edge targets it.
    subgraph "Resource enclave"
      resource["Enterprise resource"]
    end
  end
end


%% Palette. alt_01, main_01, main_02 and highlight are defined but not assigned to any node below.
classDef alt_01 fill:#FFF5EB,color:#944C00,stroke:#FFCCB2;
classDef info fill:#E6FFFA,color:#004D40,stroke:#4DB6AC;
classDef main_04 fill:#003B94,color:#FFFFFF,stroke:#002157;
classDef main_02 fill:#B2CCFF,color:#003B94,stroke:#598BFF;
classDef main_01 fill:#EBF2FF,color:#003B94,stroke:#B2CCFF;
classDef main_03 fill:#598BFF,color:#FFFFFF,stroke:#003B94;
classDef alt_02 fill:#FFCCB2,color:#944C00,stroke:#FF8B59;
classDef highlight fill:#222222,color:#ffffff,stroke:#dddddd;
%% Class assignments: PDP components and the agent share main_04, the PEP is main_03,
%% all PIPs are info, and the subject/resource ends of the data path are alt_02.
class agent main_04;
class pa main_04;
class pe main_04;
class pep main_03;
class pip_cdm info;
class pip_edr info;
class pip_iam info;
class pip_logs info;
class pip_siem info;
class pip_ti info;
class resource alt_02;
class user alt_02;

 %% Edges. Labels are the diagram's vocabulary and are left unchanged.
 %% Access path: the agent's request terminates at the PEP, never at the resource directly.
 agent -->|"Access request"| pep
 %% Control loop: PEP hands the request to the PA, PA asks the PE to evaluate,
 %% PE returns the decision to the PA, and the PA commands the PEP accordingly.
 pa -->|"Evaluate"| pe
 pa -->|"Command"| pep
 pe -->|"Decision"| pa
 pep -->|"Authenticate"| pa
 %% Telemetry: the PEP writes to the activity logs; nothing in this diagram routes those logs
 %% back into the PE or SIEM, so that feedback is implicit rather than drawn.
 pep -->|"Log activity"| pip_logs
 %% Only traffic the PEP allows reaches the resource.
 pep -->|"Allowed traffic"| resource
 %% PIP inputs to the policy engine. The SIEM has two edges: a risk signal and a dynamic update,
 %% presumably meaning the PE re-evaluates an existing session on new signals -- not shown explicitly.
 pip_cdm -->|"Asset health"| pe
 pip_edr -->|"Device posture"| pe
 pip_iam -->|"Identity attributes"| pe
 pip_siem -->|"Behaviour/Risk"| pe
 pip_siem -->|"Dynamic risk update"| pe
 pip_ti -->|"Threat intel"| pe
