Which zero-trust control plane component uses rules to determine who can access a service based on the security status of their system, threat data, and similar information?

Policy-driven access control focuses on using rules to determine who can access a service based on security state and other information. Adaptive authorization adjusts authorization levels based on factors like device status, user behavior, and location. Threat scope reduction is a key concept in zero trust that focuses on ensuring that threats have less of a target to attack if they enter the secure environment. Secured zones are no longer a critical concept for zero trust, as continuous verification means all interactions are secured and validated.