Zero Trust: verify explicitly, use least privilege, assume breach

Least privilege access

Give the minimum access needed, scoped and time-limited. Minimum permissions (just enough). Smallest scope (only needed resources). Shortest duration (just-in-time). Limits damage from mistakes or compromise.