CME-201

Zero Trust Gateway / Identity-Aware Proxy

Description

All network access requires authenticated identity verification. No implicit trust from network position. Every request is authenticated and authorized regardless of source network.

CVSS Vector Impacts

Metric | Transition | Rationale
Attack Vector (AV) | N → L | Network-accessible services are shielded behind identity verification; attacker cannot exploit remotely without valid credentials

CWE Relationships

Verification

Verify that an identity-aware proxy or zero trust gateway is in the enforcement path

$ curl -s -o /dev/null -w '%{http_code}' http://service.internal/healthz
# Expected: 401
Platform: any
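
The single check above, extended to a list of services, as an added example that is not part of the original entry. The function names `probe`, `classify` and `audit` and the `PROBE_CMD` override are hypothetical; treating every non-401 answer as something other than enforced is an assumption based on the expected result stated above.

```shell
#!/bin/sh
# Added example: audit several services for the unauthenticated-401 behaviour.
# Pass your own service URLs as arguments; none are hard-coded here.

# probe URL -> prints the HTTP status of a request sent with no credentials.
# curl prints 000 when no HTTP response was received (DNS, refused, timeout).
probe() {
    curl -s -o /dev/null --max-time 5 -w '%{http_code}' "$1"
}

# classify CODE -> prints a verdict for an unauthenticated request.
classify() {
    case "$1" in
        401) echo ENFORCED ;;      # the result this entry expects
        000) echo UNREACHABLE ;;   # no answer is not proof of enforcement
        2??) echo BYPASS ;;        # content served without any identity
        *)   echo REVIEW ;;        # 3xx, 403, 5xx: inspect manually
    esac
}

# audit URL... -> prints "verdict code url" per URL and returns non-zero
# unless every URL answered 401. PROBE_CMD may name a replacement probe.
audit() {
    rc=0
    for url in "$@"; do
        code=$("${PROBE_CMD:-probe}" "$url") || true
        code=${code:-000}
        verdict=$(classify "$code")
        printf '%s %s %s\n' "$verdict" "$code" "$url"
        [ "$verdict" = ENFORCED ] || rc=1
    done
    return "$rc"
}

# Stand-alone use: sh audit.sh http://service.internal/healthz ...
if [ "$#" -gt 0 ]; then
    audit "$@"
fi
```

An `UNREACHABLE` result means the request never got an HTTP answer, so it says nothing about whether the gateway is in the path.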