Zero Trust Guiding Principles V1.1
Release Date: 09/03/2024
Organization: CSA
Content Type: Guidance
Solution Provider Neutrality: Neutral
Zero Trust (ZT) is a strategic mindset that organizations can usefully adopt as part of digital transformation and other efforts to increase their security and resilience. Zero Trust is easily misunderstood and over-complicated because of conflicting messaging within the security industry and the lack of established Zero Trust standards. In fact, Zero Trust is based on long-standing principles that have become more critical because of changes in the way we work and live: remote workers, increased reliance on third parties, adoption of the cloud, and the widespread and accelerated adoption of Artificial Intelligence (AI) technologies such as Machine Learning (ML), Natural Language Processing (NLP), and Large Language Models (LLM), to name a few. This document is designed to fill the gaps and provide clarity by mapping out the underlying principles, including established Information Security (InfoSec) principles like the Concept of Least Privilege, Separation of Duties, and Segmentation. These guiding principles will remain consistent across all Zero Trust Pillars, varying use cases, different environments, and products. This guidance will evolve as the industry evolves.