# Zero Trust Architecture

## ⚡What is it?

> ### Zero Trust is a modern cybersecurity strategy based on "*<mark style="color:purple;">never trust, always verify</mark>*": it assumes no user or device is inherently safe, even inside the network. Also known as end-to-end "[*<mark style="color:purple;">perimeterless</mark>*](https://en.wikipedia.org/wiki/Zero_trust_architecture)" security architecture, it requires strict identity verification, least-privilege access, and continuous validation for every resource request, moving from location-based trust to identity-centric security for complex cloud environments.

## ⚡Approach

> ### This approach prevents attackers from moving laterally, significantly reducing breach impact by microsegmenting networks and strictly controlling data access.

### Core Principles

* **Verify Explicitly**
  * Always authenticate and authorize based on all available data points (identity, location, device health).
* **Least Privilege Access**
  * Grant just enough access (Just-In-Time/Just-Enough-Access) for a specific task, not broad network access.
* **Assume Breach**
  * Design systems assuming attackers are already present, minimizing their ability to move around.

### Key Components & Technologies

* **Identity & Access Management (IAM)**
  * Strong multi-factor authentication (MFA) for users and devices.
* **Device Compliance**
  * Checking device health (patching, malware) before granting access.
* **Microsegmentation**
  * Dividing networks into small zones to contain breaches.
* **Zero Trust Network Access (ZTNA)**
  * Securely connecting users to specific apps, not the entire network.
* **Continuous Monitoring**
  * Constantly inspecting and logging traffic for anomalies.
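The components above come together in a per-request policy decision. The sketch below is an added example, not code from this platform: it checks MFA, device health and location on every request, grants access to one application only, time-boxes the grant, and logs every decision. The role, application, country list and field names are hypothetical.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone

# Constructed policy (hypothetical names): which role may reach which single
# application, and for how long a grant lasts before it must be re-evaluated.
GRANTS = {("billing-analyst", "billing-app"): timedelta(minutes=30)}
EXPECTED_COUNTRIES = {"US", "IS"}  # location is one signal, never proof of trust

@dataclass(frozen=True)
class AccessRequest:
    user: str
    role: str
    mfa_passed: bool
    device_patched: bool
    device_malware_free: bool
    country: str
    app: str

def decide(req, now, audit_log):
    """Evaluate one request. Returns (allowed, reason, expiry); default is deny."""
    checks = [
        (req.mfa_passed, "mfa not satisfied"),
        (req.device_patched and req.device_malware_free, "device not compliant"),
        (req.country in EXPECTED_COUNTRIES, "unexpected location"),
        ((req.role, req.app) in GRANTS, "no grant for this role and app"),
    ]
    # The first failed check is the denial reason; all must pass to allow.
    reason = next((why for ok, why in checks if not ok), "ok")
    allowed = reason == "ok"
    expiry = now + GRANTS[(req.role, req.app)] if allowed else None
    # Continuous monitoring: denials are logged as well as grants.
    audit_log.append({"time": now.isoformat(), "user": req.user,
                      "app": req.app, "allowed": allowed, "reason": reason})
    return allowed, reason, expiry

def still_valid(expiry, now):
    """A just-in-time grant lapses at expiry; the next request is checked again."""
    return expiry is not None and now < expiry

if __name__ == "__main__":
    log = []
    now = datetime.now(timezone.utc)
    req = AccessRequest("alice", "billing-analyst", True, True, True, "US", "billing-app")
    print(decide(req, now, log))
    # Same user, same device, different app: no grant exists, so it is denied.
    other = AccessRequest("alice", "billing-analyst", True, True, True, "US", "hr-app")
    print(decide(other, now, log))
```

Because a grant is keyed on the (role, application) pair, a valid session for one application gives no reach into any other, which is how the policy limits lateral movement.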

### Why It Matters

* **Secures Modern Work**
  * Protects remote workers, cloud apps, and IoT devices, unlike traditional perimeter security.
* **Reduces Breach Impact**
  * Limits lateral movement, shrinking the "blast radius" of an attack.
* **Meets Compliance**
  * Aligns with new regulations, like the U.S. federal mandate for Zero Trust.

## ⚡Summary

> ### Zero Trust shifts security from protecting the network perimeter to protecting individual resources, treating every access attempt with suspicion until proven legitimate.

