The National Institute of Standards and Technology (NIST) has issued Special Publication 800-207, Zero Trust Architecture, which defines the logical components, core concepts and deployment models for a zero trust architecture (ZTA).
“Zero Trust Architecture is an end-to-end approach to network/data security that encompasses identity, credentials, access management, operations, endpoints, hosting environments, and the interconnecting infrastructure. Zero trust is an architectural approach that is focused on data protection.
…
In Figure 1, a subject (a user or a machine) needs access to an enterprise resource. Access is granted through a Policy Decision Point (PDP) and a corresponding Policy Enforcement Point (PEP). The PDP is the control-plane half of the pair: its policy engine makes the grant/deny decision and its policy administrator passes that decision to the PEP. The PEP sits in the data path and carries the decision out; it holds no access policy of its own.
Policy Enforcement Point (PEP): This system is responsible for enabling, monitoring, and terminating connections between a subject and an enterprise resource.
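The following Python model is an added illustration of the PDP/PEP split described above; it is not code from NIST SP 800-207 or from the original page. It shows the three PEP duties as separate operations: enabling a session only after the PDP allows it, monitoring by re-asking the PDP about every live session, and terminating a session the PDP now denies. The subjects, device identifiers, resource names and the device-posture and MFA-age checks inside the PDP are constructed for the example.

```python
"""Toy model of the NIST SP 800-207 PDP/PEP pair (added example, not NIST code)."""
from dataclasses import dataclass
from enum import Enum
import itertools


class Decision(Enum):
    ALLOW = "allow"
    DENY = "deny"


@dataclass(frozen=True)
class AccessRequest:
    subject: str      # authenticated identity (assumed already verified upstream)
    device_id: str    # the device the subject is connecting from
    resource: str     # enterprise resource being requested
    action: str       # e.g. "read", "write"


@dataclass
class DevicePosture:
    compliant: bool        # constructed signal: endpoint passes compliance checks
    mfa_age_seconds: int   # constructed signal: seconds since last MFA prompt


class PolicyDecisionPoint:
    """Policy engine + policy administrator: owns policy and signals, never sees data traffic."""

    def __init__(self, assignments, posture, max_mfa_age=3600):
        self.assignments = assignments  # resource -> set of (subject, action) pairs
        self.posture = posture          # device_id -> DevicePosture
        self.max_mfa_age = max_mfa_age  # hypothetical policy parameter

    def evaluate(self, req: AccessRequest) -> Decision:
        post = self.posture.get(req.device_id)
        if post is None or not post.compliant:          # unknown or non-compliant device
            return Decision.DENY
        if post.mfa_age_seconds > self.max_mfa_age:      # stale authentication
            return Decision.DENY
        if (req.subject, req.action) not in self.assignments.get(req.resource, set()):
            return Decision.DENY                         # no entitlement for this resource
        return Decision.ALLOW


class PolicyEnforcementPoint:
    """Sits in the data path; holds only per-session decisions handed down by the PDP."""

    def __init__(self, pdp: PolicyDecisionPoint):
        self.pdp = pdp
        self.sessions = {}           # session_id -> AccessRequest (live connections)
        self._ids = itertools.count(1)
        self.log = []                # (event, subject, resource, decision)

    def connect(self, req: AccessRequest):
        """Enable: open a session only if the PDP allows it; return the session id or None."""
        decision = self.pdp.evaluate(req)
        self.log.append(("connect", req.subject, req.resource, decision.value))
        if decision is Decision.DENY:
            return None
        sid = next(self._ids)
        self.sessions[sid] = req
        return sid

    def reevaluate(self):
        """Monitor + terminate: re-ask the PDP for every live session, drop the ones now denied."""
        terminated = []
        for sid, req in list(self.sessions.items()):
            if self.pdp.evaluate(req) is Decision.DENY:
                del self.sessions[sid]
                terminated.append(sid)
                self.log.append(("terminate", req.subject, req.resource, "deny"))
        return terminated


def run_scenario():
    """Constructed walkthrough: grant, deny, then terminate after a posture change."""
    posture = {"laptop-1": DevicePosture(compliant=True, mfa_age_seconds=120),
               "laptop-2": DevicePosture(compliant=True, mfa_age_seconds=120)}
    assignments = {"hr-db": {("alice", "read")}}
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(assignments, posture))

    alice = pep.connect(AccessRequest("alice", "laptop-1", "hr-db", "read"))   # allowed
    bob = pep.connect(AccessRequest("bob", "laptop-2", "hr-db", "read"))       # no entitlement

    posture["laptop-1"].compliant = False   # signal change: alice's device falls out of compliance
    terminated = pep.reevaluate()           # PEP terminates her live session on the PDP's new verdict

    return {"alice_session": alice, "bob_session": bob,
            "terminated": terminated, "live_sessions": len(pep.sessions), "log": pep.log}


if __name__ == "__main__":
    for event in run_scenario()["log"]:
        print(*event)
```

The point of the split is visible in `PolicyEnforcementPoint`: it never inspects posture or entitlements itself, so a compromised or misconfigured PEP cannot widen access beyond what the PDP has granted, and a single policy change at the PDP propagates to every live connection on the next re-evaluation.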