Optiv Cybersecurity Dictionary

What is Continuous Adaptive Risk and Trust Assessment (CARTA)?

According to Gartner, a CARTA mindset allows enterprises to make decisions based on risk and trust. Decisions must continuously adapt, security responses must continuously adapt, and thus risk and trust must continuously adapt.


Digital trust is a key element of security and allows a network to access everything and permit the access of a specific user. Security is a process that must be reviewed and adjusted based on new network attributes, users and policies. Machine learning (ML) and artificial intelligence (AI) can help find threats that bypass any rules-based systems, by looking at traffic patterns, user, network and asset behaviors, and becoming more focused over time.


Making decisions and security responses based on risk and trust and continuously adapting to the context and learnings gained from each interaction forces organizations to use a continuously adaptive approach to security, because in a rapidly changing digital world, black or white decisions (allow or block) are no longer adequate.


Enterprises must decide how and when to enable transactions when not all data is available, or there's a known level of risk. Simplistic block/allow security assessments for access and protection leave organizations exposed to targeted and zero-day attacks, credential theft and insider threats. Digital trust must be adaptively managed as a set of focused measures of confidence with multidimensional risk and response attributes.

Contact Us