From 7cc75f679ed814a8aa83582b49dac6b7b22f53e3 Mon Sep 17 00:00:00 2001 From: Mariusz Sabath Date: Tue, 12 Nov 2024 22:53:17 -0700 Subject: [PATCH] Update community/resources/zero-trust-whitepaper/v1/cloud-native-zero-trust-whitepaper.md Co-authored-by: Emily Fox <33327273+TheFoxAtWork@users.noreply.github.com> Signed-off-by: Mariusz Sabath --- .../v1/cloud-native-zero-trust-whitepaper.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/community/resources/zero-trust-whitepaper/v1/cloud-native-zero-trust-whitepaper.md b/community/resources/zero-trust-whitepaper/v1/cloud-native-zero-trust-whitepaper.md index 5c990b1cf..364f3997c 100644 --- a/community/resources/zero-trust-whitepaper/v1/cloud-native-zero-trust-whitepaper.md +++ b/community/resources/zero-trust-whitepaper/v1/cloud-native-zero-trust-whitepaper.md @@ -95,7 +95,7 @@ Building on the extensive discourse surrounding Zero Trust principles over the y To follow the tenet of *Assume a Breach*, organizations must operate as if their systems are already hacked. This mindset encourages the development and implementation of security strategies that are inherently resilient and capable of detecting, containing, and mitigating threats in real time. -The tenet of Always Verify emphasizes the necessity of continuous authentication, authorization, and monitoring for every interaction within the system, regardless of its origin. This tenet rejects the notion of implicit trust, instead insisting on rigorous verification of all entities — users and services, internal and external. In practice, this involves the actions of eliminating implicit trust, minimizing explicit trust, and monitoring behavior to verify trustworthiness. +The tenet of *Always Verify* emphasizes the necessity of continuous authentication, authorization, and monitoring for every interaction within the system, regardless of its origin. This tenet rejects the notion of implicit trust, instead insisting on rigorous verification of all entities — users and services, internal and external. In practice, this involves the actions of eliminating implicit trust, minimizing explicit trust, and monitoring behavior to verify trustworthiness. The following table summarizes the Cloud Native principles of Zero Trust as detailed in the remainder of this chapter. The evidence for the principles below is discussed in **[NIST SP 800-207](https://csrc.nist.gov/pubs/sp/800/207/final)** chapter 2 *“Zero trust Basics”* with further details in chapter 3 “*Logical Components of Zero Trust Architecture*”*.* While the NIST paper discusses all kinds of systems, in generic terms such as assets and resources, here we focus solely on Cloud Native systems with a higher level of nuance.