TRUST LEVEL 1 – Advanced Security Controls
Trust Level 1 is focused on preventing lateral movement. Organizations achieve this by eliminating trust. Simply, NOT automatically trusting anything inside the network perimeter. Trust Level 1 means verifying everything before granting access.
This is different than the old trust-but-verify method. Trust Level 1 focuses on verify then trust, and often verify again.
To successfully pass a Trust Level 1 assessment, an organization must demonstrate advanced security controls implemented in the following areas:
Patching, Backups, Tool Deployment, Identity and Access Management.
These items are audited by a third party at least every 90 days.
