What component of a zero-trust architecture uses rules based on security status and threat data for access control?

In a zero-trust architecture, the component that utilizes rules based on security status and threat data for access control is policy-driven access control. This approach fundamentally shifts away from traditional perimeter-based security models by enforcing strict access controls on an as-needed basis. It establishes that no user or device should be trusted by default, regardless of their location within or outside the network.

Policy-driven access control relies on real-time data about the security status of users, devices, and the environment to dynamically adjust access permissions. By integrating threat intelligence and contextual data, such as user behavior and device compliance status, organizations can create granular access policies that dictate who can access what resources and under which circumstances. This is essential for minimizing risk, as it allows the security posture to adapt in response to emerging threats.

The other choices refer to different access control mechanisms. Identity verification focuses primarily on confirming the identity of users attempting to access systems. Role-based access control assigns access permissions based on the roles individuals hold within the organization, without necessarily taking into account real-time security data. Network segmentation involves creating separate network zones to limit access and contain potential threats, but does not directly use threat data for access control decisions.