The National Cyber Security Centre (NCSC) is a division of the UK's GCHQ. It provides cybersecurity advice and support for public and private organizations. In general, it is a great resource on all matters relating to IT and security.

You can read NCSC's introduction to Zero Trust here.

The NCSC has published guidance to help organizations in the public and private sectors implement a zero trust architecture in an enterprise environment.

The guidance consists of 8 principles:

  • Know your architecture, including users, devices, services, and data

  • Know your user, service, and device identities

  • Assess user behavior, service, and device health

  • Use policies to authorize requests

  • Authenticate and authorize everywhere

  • Focus your monitoring on users, devices, and services

  • Don't trust any network, including your own

  • Choose services which have been designed for zero trust