Quiz Entry - updated: 2026.07.05
What are the three core principles of Zero Trust?
Verify Explicitly (authenticate every request on all signals), Least Privilege (just-in-time, just-enough access), and Assume Breach (design as if attackers are already inside).
1. Verify Explicitly:
- Authenticate using all available signals: identity, device health, location, time, data sensitivity
- Never grant access based on network location alone
2. Least Privilege Access:
- Just-in-time — temporary access that expires
- Just-enough — only what's needed for the task
- Risk-based adaptive — more sensitive data = more verification required
3. Assume Breach:
- Microsegmentation limits lateral movement
- End-to-end encryption even for internal traffic
- Continuous monitoring and analytics
- Minimize blast radius of any single compromise
Tip: Think of Zero Trust as applying the airport security model to your network — everyone gets checked, every time, no exceptions.
Go deeper:
NIST SP 800-207 — Zero Trust Architecture — basis for verify-explicitly / least-privilege / assume-breach.