What framework requires all users to be authenticated and authorized for security before accessing applications?

The correct answer is grounded in the principles of the Zero Trust framework. Zero Trust is built on the fundamental assumption that threats could be internal or external, and therefore, no user or device should be inherently trusted, even if they are inside the network perimeter.

This framework mandates that all users must undergo strict authentication and authorization processes before being granted access to applications and resources. It ensures that identity verification is conducted at every stage, continuously verifying each user’s identity and permissions. This approach protects sensitive data by applying the principle of least privilege, ensuring that users only access the resources necessary for their role.

In contrast, the other options do not emphasize strict authentication and authorization measures to this extent. Defense-in-Depth incorporates multiple layers of security but does not specifically require universal authentication for all users. Zebra Security and Layered Security may include various security measures but lack the focused requirement on authentication and authorization inherent to Zero Trust principles. Thus, the emphasis on comprehensive verification before granting access distinctly positions Zero Trust as the framework in question.