What are the Core Principles of a Zero Trust Model?

Definition: A zero trust security model, by default, considers every person, device, and application to be a possible threat to a company. When a company implements a zero trust model, a core set of principles are deployed and adhered to, based on NIST 800-207.


Core Principles explained

The main core principles of a Zero Trust model include the following and serve as an introduction to the concepts of zero trust:

1. Resource Definition - Know your architecture including users, devices, and services
All data sources and computing services are considered as resources.

2. Secure Communication
All information is secured regardless of network location.

3. Create a strong device identity
Access to individual enterprise resources is granted on a ‘per-session’ basis.

4. Authenticate everywhere
Access to resources is determined by dynamic policy. This includes customer identity, application/service, and the requesting asset - and may include other behavioral and environmental attributes.

5. Know the health of your devices and services
The company monitors and measures the integrity and security posture of all owned and associated assets.

6. Authentication and authorization enforcement
All resources authentication and authorization are dynamic and strictly enforced before access is allowed.

7. Set policies according to the value of the service or data
The company gathers as much information about its assets, network infrastructure, and communications as possible and utilizes it to strengthen its security posture.

The zero-trust security approach aims to strike a balance between security and business productivity. On the one hand, zero trust is intended to allow employees to carry out their responsibilities without interference. Any unlawful access or use of company resources, on the other hand, should be prevented by the organization's zero trust security protocols.

It is critical that all of the elements of the Core Principles fit within the business strategy and the organizational culture.

Utimaco provides a range of solutions and services that help set up zero trust architectures even in decentralized and geographically distributed structures.



Blog posts

Blog posts



Related products

Related products

Contact us

We look forward to answering your questions.

How can we help you?

Talk to one of our specialists and find out how Utimaco can support you today.
You have selected two different types of downloads, so you need to submit different forms which you can select via the two tabs.

Your download request(s):

    By submitting below form you will receive links for your selected downloads.

    Your download request(s):

      For this type of documents, your e-mail address needs to be verified. You will receive the links for your selected downloads via e-mail after submitting below form.

      About Utimaco's Downloads

      Visit our Downloads section and select from resources such as brochures, data sheets, white papers and much more. You can view and save almost all of them directly (by clicking the download button).

      For some documents, your e-mail address needs to be verified. The button contains an e-mail icon.

      Download via e-mail


      A click on such a button opens an online form which we kindly ask you to fill and submit. You can collect several downloads of this type and receive the links via e-mail by simply submitting one form for all of them. Your current collection is empty.