Zero Trust Core Principles (The Open Group)

Zero Trust Core Principles (The Open Group) ()

Zero Trust Core Principles
Document No.: W210
Published by The Open Group, April 2021




Zero Trust Key Drivers (Grouping)
Emerging Partnerships (Driver)
Evolving Business Models (Driver)
Rapidly Changing Technology (Driver)
Regulatory, Geopolitical, and Cultural Forces (Driver)
Disruptive Events (Driver)
Paradigm Shift to Remote Work (Driver)
Zero Trust Key Requirements (Grouping)
Regulatory Requirements (Requirement)
Mounting Complexity Requiring Increasing Need to Simplify (Requirement)
Support for Unpredictability (Requirement)
Measurable Controls and Automated Audit (Requirement)
Real-Time/Near Real-Time Response (Requirement)
Exponentially Increasing Need for Agility (Requirement)
Support for Remote Work (Requirement)
Zero Trust Capabilities (Grouping)
Separation of Concerns (Capability)
Secured Zones (Capability)
Context-Specific, Policy-Enforced Data Security (Capability)
Threat Scope Reduction and Risk Avoidance (Capability)
Adaptive Identity (Capability)
Policy-Driven Access Control (Capability)
Automated Audit (Capability)
Real-Time/Near Real-Time Response (Capability)
Advantages of a Zero Trust-Driven Future (Value)
Zero Trust Core Principles (Grouping)
Organizational Value and Risk Alignment (Grouping)
1. Modern Work Enablement (Principle)
2. Goal Alignment (Principle)
3. Risk Alignment (Principle)
Guardrails and Governance (Grouping)
4. People Guidance and Inspiration (Principle)
5. Risk and Complexity Reduction (Principle)
6. Alignment and Automation (Principle)
7. Security for the Full Lifecycle (Principle)
Technology (Grouping)
8. Asset-Centric Security (Principle)
9. Least Privilege (Principle)
Security Controls (Grouping)
10. Simple and Pervasive (Principle)
11. Explicit Trust Validation (Principle)


		Zero Trust Key Drivers (Grouping)	Emerging Partnerships (Driver)
		Zero Trust Key Drivers (Grouping)	Evolving Business Models (Driver)
		Zero Trust Key Drivers (Grouping)	Rapidly Changing Technology (Driver)
		Zero Trust Key Drivers (Grouping)	Regulatory, Geopolitical, and Cultural Forces (Driver)
		Zero Trust Key Drivers (Grouping)	Disruptive Events (Driver)
		Zero Trust Key Drivers (Grouping)	Paradigm Shift to Remote Work (Driver)
		Zero Trust Key Requirements (Grouping)	Regulatory Requirements (Requirement)
		Zero Trust Key Requirements (Grouping)	Mounting Complexity Requiring Increasing Need to Simplify (Requirement)
		Zero Trust Key Requirements (Grouping)	Support for Unpredictability (Requirement)
		Zero Trust Key Requirements (Grouping)	Measurable Controls and Automated Audit (Requirement)
		Zero Trust Key Requirements (Grouping)	Real-Time/Near Real-Time Response (Requirement)
		Zero Trust Key Requirements (Grouping)	Exponentially Increasing Need for Agility (Requirement)
		Zero Trust Key Requirements (Grouping)	Support for Remote Work (Requirement)
		Zero Trust Capabilities (Grouping)	Separation of Concerns (Capability)
		Zero Trust Capabilities (Grouping)	Secured Zones (Capability)
		Zero Trust Capabilities (Grouping)	Context-Specific, Policy-Enforced Data Security (Capability)
		Zero Trust Capabilities (Grouping)	Threat Scope Reduction and Risk Avoidance (Capability)
		Zero Trust Capabilities (Grouping)	Adaptive Identity (Capability)
		Zero Trust Capabilities (Grouping)	Policy-Driven Access Control (Capability)
		Zero Trust Capabilities (Grouping)	Automated Audit (Capability)
		Zero Trust Capabilities (Grouping)	Real-Time/Near Real-Time Response (Capability)
		Zero Trust Core Principles (Grouping)	Organizational Value and Risk Alignment (Grouping)
		Zero Trust Core Principles (Grouping)	Guardrails and Governance (Grouping)
		Zero Trust Core Principles (Grouping)	Technology (Grouping)
		Zero Trust Core Principles (Grouping)	Security Controls (Grouping)
		Organizational Value and Risk Alignment (Grouping)	1. Modern Work Enablement (Principle)
		Organizational Value and Risk Alignment (Grouping)	2. Goal Alignment (Principle)
		Organizational Value and Risk Alignment (Grouping)	3. Risk Alignment (Principle)
		Guardrails and Governance (Grouping)	4. People Guidance and Inspiration (Principle)
		Guardrails and Governance (Grouping)	5. Risk and Complexity Reduction (Principle)
		Guardrails and Governance (Grouping)	6. Alignment and Automation (Principle)
		Guardrails and Governance (Grouping)	7. Security for the Full Lifecycle (Principle)
		Technology (Grouping)	8. Asset-Centric Security (Principle)
		Technology (Grouping)	9. Least Privilege (Principle)
		Security Controls (Grouping)	10. Simple and Pervasive (Principle)
		Security Controls (Grouping)	11. Explicit Trust Validation (Principle)