Cloud 101CircleEventsBlog
Discover the latest cloud threats, evolving AI risks, and how to stay ahead. Don’t miss CSA’s free Cloud Threats & Vulnerabilities Summitregister now!

Download Publication

Zero Trust Guiding Principles v1.1
Zero Trust Guiding Principles v1.1

Zero Trust Guiding Principles v1.1

Release Date: 09/03/2024

Working Group: Zero Trust

Zero Trust is a strategic mindset that is highly useful for organizations to adopt as part of their digital transformations. Based on the idea of "never trust, always verify," the Zero Trust model helps strengthen security and resilience. However, people also tend to misunderstand and over-complicate Zero Trust. Conflicting messaging and a lack of established standards bars many organizations from proceeding with Zero Trust adoption.

This document provides a clear understanding of what Zero Trust security is and lays out the guiding principles for planning, implementing, and operating Zero Trust. These Zero Trust best practices remain consistent across all Zero Trust pillars, use cases, environments, and products.

The updates for Version 1.1 include graphics to promote readability and references to AI.

Principles Covered:
  • Begin with the end in mind
  • Do not overcomplicate
  • Products are not the priority
  • Access is a deliberate act
  • Inside out, not outside in 
  • Breaches happen
  • Understand your risk appetite
  • Ensure the tone from the top
  • Instill a Zero Trust culture
  • Start small and focus on quick wins
  • Continuously monitor
Download this Resource

Bookmark
Share
Related resources
CSA Code of Conduct to EU Cloud Code of Conduct Mapping
CSA Code of Conduct to EU Cloud Code of Conduct...
Cloud Key Management Working Group Charter 2025
Cloud Key Management Working Group Charter 2025
Enterprise Authority To Operate (EATO) Auditing Guidelines
Enterprise Authority To Operate (EATO) Auditing...
How To Transform Your GRC with Continuous Controls Monitoring
How To Transform Your GRC with Continuous Controls Monitoring
Published: 03/26/2025
Zero Trust Makes Cybersecurity Everyone's Responsibility
Zero Trust Makes Cybersecurity Everyone's Responsibility
Published: 03/25/2025
Forget the Corporate Ladder and ‘Rock-Climb’ Your Way to Success
Forget the Corporate Ladder and ‘Rock-Climb’ Your Way to Success
Published: 03/25/2025
Hybrid Work: Navigating Security Challenges in the Modern Enterprise
Hybrid Work: Navigating Security Challenges in the Modern Enterprise
Published: 03/24/2025
Are you a research volunteer? Request to have your profile displayed on the website here.

Interested in helping develop research with CSA?

Related Certificates & Training