What is zero trust?
Zero trust is a security model that assumes no user, device, or network segment is trusted by default. Every access request is verified individually and granted the minimum access needed, even from inside the network.
What it means
NIST describes zero trust as a set of principles for making accurate, least-privilege access decisions while treating the network as potentially compromised. In plain terms, "never trust, always verify": identity and context are checked on every request rather than trusting anything just because it is already inside the firewall. It shows up in modern cloud, identity, and security roles.
Sources
- National Institute of Standards and Technology — NIST CSRC Glossary: https://csrc.nist.gov/glossary
Citation Ledger
| ID | Supports | Evidence | Source |
|---|---|---|---|
| CIT-01 | Definition source for What is zero trust? | Official source page | National Institute of Standards and Technology — NIST CSRC Glossary |