D1 · General

What is a Policy Enforcement Point (PEP)?

A PEP enforces access control decisions made by a Policy Decision Point (PDP) — validating requests and permitting or denying access based on policy.
Zero trust architecture separates the decision (PDP/Policy Engine) from the enforcement (PEP). PEP examples: firewall, proxy, API gateway. PDP examples: identity provider, policy engine. Separating them enables dynamic, context-aware access decisions.