ZTA - Khan BMS Battlefield Management System
Working notes on ZTA (Zero Trust Architecture): distributed C2 context, design trade-offs, and where it fits in the Arban–Tumen hierarchy.
ZTA is a cost-curve question disguised as a technical one. If the per-node integration cost does not collapse, the standard does not matter.
ZTA, expanded, is Zero Trust Architecture: a security model that authenticates and authorizes every request regardless of network location. Zero Trust Architecture (NIST SP 800-207) replaces perimeter trust with continuous, per-request authentication, authorization, and policy evaluation. The DoD Zero Trust Reference Architecture mandates ZTA for all DoD networks, and it is the security foundation under JADC2 data fabrics.
Khan BMS doesn't ship ZTA as a checkbox. It ships it as the boundary between human authority and machine execution — signed at issue, verified at receipt, and replayable for any after-action review the JAG cares to run.
That is the unglamorous version of why Khan BMS exists: to make ZTA a routine operating assumption instead of a research demo.
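The "signed at issue, verified at receipt, replayable for review" flow described above, sketched as an added example; this is not Khan BMS code. Assumptions: HMAC-SHA256 with a shared demo key stands in for whatever signature scheme the product uses, and the issuer names, actions, nonce check, and hash-chained log format are all hypothetical.

```python
import hashlib, hmac, json

# Constructed demo values; HMAC-SHA256 stands in for the unspecified signature scheme.
ISSUER_KEYS = {"cmdr-01": b"demo-key-not-for-production"}
POLICY = {("cmdr-01", "retask_sensor")}  # allowed (issuer, action) pairs

def _canon(obj):
    return json.dumps(obj, sort_keys=True, separators=(",", ":")).encode()

def issue(issuer, action, nonce):
    """Sign an order at issue (human authority side)."""
    body = {"issuer": issuer, "action": action, "nonce": nonce}
    sig = hmac.new(ISSUER_KEYS[issuer], _canon(body), hashlib.sha256).hexdigest()
    return {**body, "sig": sig}

class Receiver:
    def __init__(self):
        self.seen = set()  # (issuer, nonce) pairs already executed
        self.log = []      # hash-chained audit records

    def receive(self, msg, source_net):
        """Evaluate every request; source_net is logged but never grants trust."""
        body = {k: msg.get(k) for k in ("issuer", "action", "nonce")}
        key = ISSUER_KEYS.get(body["issuer"])
        expected = hmac.new(key, _canon(body), hashlib.sha256).hexdigest() if key else ""
        if not key or not hmac.compare_digest(expected, str(msg.get("sig", ""))):
            decision = "deny:bad_signature"
        elif (body["issuer"], body["nonce"]) in self.seen:
            decision = "deny:replayed_nonce"
        elif (body["issuer"], body["action"]) not in POLICY:
            decision = "deny:policy"
        else:
            self.seen.add((body["issuer"], body["nonce"]))
            decision = "allow"
        prev = self.log[-1]["hash"] if self.log else "0" * 64
        rec = {"msg": msg, "net": source_net, "decision": decision, "prev": prev}
        self.log.append({**rec, "hash": hashlib.sha256(_canon(rec)).hexdigest()})
        return decision

def audit_ok(log):
    """Recompute the chain for after-action review; False if any record changed."""
    prev = "0" * 64
    for e in log:
        rec = {k: e[k] for k in ("msg", "net", "decision", "prev")}
        if e["prev"] != prev or hashlib.sha256(_canon(rec)).hexdigest() != e["hash"]:
            return False
        prev = e["hash"]
    return True
```

Denied requests are logged alongside allowed ones, so the review trail covers every decision rather than only the orders that executed.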
