NCSC launches Zero Trust architecture design principles 1.0

The NCSC has launched its 8 Zero trust architecture design principles to help organisations securely build this cutting-edge network architecture.

This guidance aims to help organisations design and review a zero trust architecture that meets their individual requirements. There are many vendors and open source offerings providing zero trust based services. These principles will help them to select which combination of services can best support their journey to zero trust.

8 zero trust principles

The eight principles outlined in the NCSC’s guidance will help organisations to implement their own zero trust network architecture in an enterprise environment.

The principles are:

1. Know your architecture, including users, devices, services and data.
2. Know your User, Service and Device identities.
3. Assess your user behaviour, device and service health.
4. Use policies to authorise requests.
5. Authenticate & Authorise everywhere.
6. Focus your monitoring on users, devices and services.
7. Don’t trust any network, including your own.
8. Choose services designed for zero trust.