Open Access
DOI: https://doi.org/10.55640/ijcsis/Volume11Issue05-04
Architectural Principles of Zero Trust Privileged Access Management in Modern Corporate Infrastructures
Kolchin Rustam, SoftLine PJSC, Almaty, Kazakhstan
Abstract
The study examines architectural principles for Zero Trust Privileged Access Management in corporate infrastructures that rely on cloud resources, distributed administration, DevOps pipelines, and machine identities. Privileged access creates risk because administrators, service accounts, automation scripts, and emergency credentials can change infrastructure state across several layers. The research aim is to define a Zero Trust PAM model that connects continuous verification, least privilege, session governance, and audit evidence. The study uses comparative source analysis, conceptual synthesis, typologization, and analytical generalization of standards, peer-reviewed studies, and threat frameworks. The review identifies three outcomes: privileged access moves toward short-lived task sessions, PAM becomes a control point between identity, network, cloud, and monitoring layers, and governance covers human and machine privileges through one evidence trail. The proposed principles help security architects plan PAM modernization without vendor claims, undisclosed deployment metrics, or customer-specific case details. The paper follows a review-plus analytical design for publication.
Keywords
Zero Trust, privileged access management, least privilege, identity security, session governance, PAM architecture, lateral movement, privilege escalation, hybrid infrastructure, auditability
Copyright License
Copyright (c) 2026 Kolchin Rustam

This work is licensed under a Creative Commons Attribution-NonCommercial 4.0 International License.