Zero Trust

Zero Trust is a security model that eliminates implicit trust based on network location. Traditional security assumed that users and devices inside the corporate network were trustworthy. Zero Trust assumes breach and verifies every access request regardless of where it originates.

Core principles include verifying explicitly through strong authentication, using least privilege access, and assuming breach by minimizing blast radius and segmenting access. Zero Trust architectures rely heavily on identity verification, device health checks, and continuous monitoring.
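The principles above as a per-request access decision, in an added example that is not part of the original page or of NIST SP 800-207. The entitlement table, the session age limit, and all field names are assumptions constructed for illustration; note that the source address is recorded but never used to grant access.

```python
from dataclasses import dataclass

# Hypothetical policy values, constructed for this example.
MAX_AUTH_AGE_S = 900  # continuous verification: re-check sessions older than 15 min
ENTITLEMENTS = {      # least privilege: explicit (resource, action) grants per user
    "alice": {("payroll-db", "read")},
    "bob": {("wiki", "read"), ("wiki", "write")},
}

@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_passed: bool        # outcome of strong authentication
    device_compliant: bool  # outcome of a device health check
    auth_age_s: int         # seconds since the last strong authentication
    source_ip: str          # kept for monitoring only, never a trust signal
    resource: str
    action: str

def decide(req: AccessRequest) -> tuple[bool, str]:
    """Evaluate one request; every check must pass, whatever the source network."""
    if not req.mfa_passed:
        return False, "deny: strong authentication not satisfied"
    if not req.device_compliant:
        return False, "deny: device failed health check"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "deny: re-authentication required"
    if (req.resource, req.action) not in ENTITLEMENTS.get(req.user, set()):
        return False, "deny: no entitlement for this resource and action"
    return True, "allow"

# Constructed sample requests: an internal address earns nothing on its own.
SAMPLES = [
    AccessRequest("alice", True, False, 60, "10.0.0.5", "payroll-db", "read"),
    AccessRequest("alice", True, True, 60, "203.0.113.7", "payroll-db", "read"),
    AccessRequest("alice", True, True, 60, "10.0.0.5", "payroll-db", "write"),
    AccessRequest("alice", True, True, 3600, "10.0.0.5", "payroll-db", "read"),
]

if __name__ == "__main__":
    for r in SAMPLES:
        allowed, reason = decide(r)
        # Log every decision, allowed or not, to feed continuous monitoring.
        print(f"{r.source_ip:>12} {r.user} {r.action} {r.resource}: {reason}")
```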

CISSP Relevance

Zero Trust has become increasingly prominent in CISSP exams as organizations move away from perimeter-based security. It connects Domain 3 (Security Architecture), Domain 4 (Network Security), and Domain 5 (Identity and Access Management). Understand how Zero Trust differs from traditional models and what technologies enable it.

The definitive guide is NIST SP 800-207, Zero Trust Architecture.

Related terms: Defense in Depth, Multi-Factor Authentication