The term “zero trust” is rapidly gaining attention as agencies move away from the more traditional “castle and moat” models of cybersecurity. Zero trust refers to a cybersecurity strategy or set of principles based in the understanding that just because an account or device is associated with the organization or has seemed trustworthy in the past doesn’t mean they should be assumed to be trustworthy in the future. The mindset assumes an attacker could be in the network already and emphasizes limiting a bad actor’s ability to access data and other resources. Organizations adopting zero-trust principles require users — and devices — to continually prove they are who they claim to be, whenever they want to access data or services.
https://www.govtech.com/security/what-is-zero-trust-a-guide-to-the-cybersecurity-approach
