Step one of any Zero Trust effort requires knowing exactly who your users are. You can't trust anything about users, they must prove who they are including thier laptop, what they are trying to do with an application and
Removes implicit trust in various components of appplications when they talk with each other. A fundamental tenet of Zero Trust is that applications cannot be trusted-continous monitoring at runtime is necessary to
validate their behaviour.
The same Zero Trust principles apply to infrastructure-implicit trust must be eliminated across everything infrastructure related: routers,switches,cloud,IoT, supply chain, etc.