Jisc has been advocating Zero Trust as an approach for a while, with references in Cyber Impact and the current Janet Security Policy consultation to the previously published Beta architecture, but today (23rd July 2021), NCSC has released version 1.0 of their Zero Trust Design Architecture principles: https://www.ncsc.gov.uk/blog-post/zero-trust-1-0.
NCSC define 8 principles that they state will help organisations implement their own zero trust architecture in an enterprise environment:
- Know your architecture, including users, devices, services and data.
- Know your User, Service and Device identities.
- Assess your user behaviour, device and service health.
- Use policies to authorise requests.
- Authenticate & Authorise everywhere.
- Focus your monitoring on users, devices and services.
- Don’t trust any network, including your own.
- Choose services designed for zero trust.
Find out more at https://www.ncsc.gov.uk/blog-post/zero-trust-1-0