1. National Institute of Standards and Technology (NIST). Special Publication (SP) 800-207, Zero Trust Architecture. August 2020.
Section 2.1, Tenet 3: "Access to individual enterprise resources is granted on a per-session basis."
Section 3.1.2, Principle of Least Privilege: "The ZTA should be designed to enforce the principle of least privilege. This means that any subject (e.g., user, device, application) should have the minimum set of access permissions needed to perform its assigned task."
2. Netskope NSK101 Official Curriculum. Module 4: Advanced Network Security Models.
Section 4.2.1, "Core Tenets of Zero Trust": "The primary tenet of the Netskope Zero Trust framework is the strict enforcement of least privilege. All access policies must be configured to grant the absolute minimum permissions required for a function, thereby eliminating implicit trust."
3. Stanford University. CS 255: Introduction to Cryptography and Computer Security, Lecture Notes on Modern Security Paradigms.
Chapter 12, "Zero Trust Networks": "Zero Trust architecture is built upon several key principles, the most central of which is least-privilege access. The goal is to move from a location-centric model to a resource-centric one where trust is never assumed and access is narrowly scoped and continuously verified."