Zero Trust is a security model in which no user or device is automatically considered trustworthy — every access request is individually verified. Core principles include access only after authentication and authorization, least privilege, and continuous verification. In an ISMS, Zero Trust serves as a strategic guideline for network and access architecture. Implementation happens incrementally through microsegmentation, identity-aware proxies, and conditional access policies. NIST SP 800-207 describes the reference architecture.
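
An added example, not from the original entry or from NIST SP 800-207: a per-request policy decision function that applies the principles above (authentication and authorization before access, least privilege, continuous verification). The roles, resource names, field names and the 900-second re-authentication window are assumptions made for illustration.

```python
from __future__ import annotations
from dataclasses import dataclass, replace

# Constructed least-privilege grants: (role, resource) -> allowed actions.
GRANTS = {
    ("hr-analyst", "payroll-db"): {"read"},
    ("dba", "payroll-db"): {"read", "write"},
}
MAX_AUTH_AGE_S = 900  # assumed re-authentication window, not a standard value


@dataclass(frozen=True)
class Request:
    user: str
    role: str
    resource: str
    action: str
    mfa_passed: bool
    auth_age_s: int          # seconds since the last successful authentication
    device_compliant: bool   # posture signal, e.g. patched and disk-encrypted
    source_net: str          # kept for logging only; never used to grant trust


def decide(req: Request) -> tuple[bool, str]:
    """Evaluate a single request; no decision is cached between calls."""
    if not req.mfa_passed:
        return False, "not authenticated"
    if req.auth_age_s > MAX_AUTH_AGE_S:
        return False, "authentication too old, re-verify"
    if not req.device_compliant:
        return False, "device posture failed"
    if req.action not in GRANTS.get((req.role, req.resource), set()):
        return False, "not authorized (least privilege)"
    return True, "allow"


if __name__ == "__main__":
    # Constructed session: the same user is re-evaluated on every request.
    first = Request("alice", "hr-analyst", "payroll-db", "read",
                    True, 60, True, "corp-lan")
    for req in (
        first,                                   # allowed
        replace(first, action="write"),          # role has no write grant
        replace(first, device_compliant=False),  # posture changed mid-session
        replace(first, mfa_passed=False),        # being on corp-lan does not help
    ):
        print(req.action, req.source_net, decide(req))
```

Because `source_net` never appears in `decide`, a request from the corporate LAN is treated exactly like one from anywhere else, and a device that falls out of compliance loses access on its next request rather than at the next login.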