#20 - Zero Trust

Would you actually like to learn about what Zero Trust is without a bunch of marketing jargon?  On this week's episode G Mark Hardy and Ross Young provide a thoughtful discussion on Zero Trust from NIST and Microsoft:

• Microsoft's Zero Trust Principles
  • Verify Explicitly
  • Use Least Privileged Access
  • Assume Breach

• NIST 800-207 Seven Tenets of Zero Trust
  1. All data sources and computing services are considered resources
  2. All communication is secured regardless of network location
  3. Access to individual enterprise resources is granted on a per-session basis
  4. Access to resources is determined by dynamic policy
  5. The enterprise monitors and measures the integrity and security posture of all owned and associated assets
  6. All resource authentication and authorization are dynamic and strictly enforced before access is allowed
  7. The enterprise collects as much information as possible about the current state of assets, network infrastructure, and communication and uses it to improve its security posture

• Six Foundational Elements of Zero Trust
  1. Identities
  2. Devices
  3. Applications
  4. Data
  5. Infrastructure
  6. Networks