- A methodology for assessing the implementation level of Zero Trust security in enterprises and strengthening their capabilities.
- A practical guide to support enterprises in adopting the Zero Trust model.
The Ministry of Science and ICT (MSIT), led by Minister Yoo Sang-im, in collaboration with the Korea Internet & Security Agency (KISA), directed by President Lee Sang-joong, announced the release of the Zero Trust Guideline 2.0. Developed with input from industry, academia, and research experts, the guideline incorporates analyses of domestic and international trends and implementation cases. It reflects feedback from stakeholders across supply and demand sectors to assist Korean enterprises in adopting the Zero Trust security model.
Zero Trust is a new security paradigm in which all access requests to information systems are treated as though the network has already been compromised. At its core lies the principle: "Never Trust, Always Verify."
Traditional security models relied on perimeter-based security, distinguishing between internal and external networks and implicitly trusting insiders. However, the rise of digital technologies such as AI and cloud-based resource sharing, along with the widespread adoption of remote work, has exposed the limitations of these traditional models. As a result, a fundamental shift in security architecture has become essential.
In July 2023, MSIT introduced the Zero Trust Guideline 1.0, which outlined the fundamental concepts, principles, and rationale behind the Zero Trust security model. Its goal was to raise awareness about the need for such a framework. Subsequently, pilot projects were conducted to validate the applicability of this model in real-world corporate environments, laying the groundwork for its broader adoption.
The newly launched Zero Trust Guideline 2.0 goes beyond concept introduction and awareness-building. It incorporates insights from global policy documents, including those from the United States, as well as findings from domestic pilot projects. The guideline presents detailed procedures and methodologies for adoption and is structured with a focus on the needs of users seeking to implement and utilize the Zero Trust security model.
In particular, the guideline defines a "maturity model," which has been expanded from three stages to four stages. This enables companies to diagnose and analyze their current security posture, set goals, and verify progress when adopting the Zero Trust model. The document also describes the detailed capabilities of key components that constitute enterprise networks, outlines the characteristics of each maturity level, provides evaluation checklists, and suggests improvement strategies.
Furthermore, the guideline does more than simply explain the technical aspects of Zero Trust. It includes step-by-step considerations, organizational roles, and concrete methodologies for formulating phased implementation plans. Practical examples are also provided to guide organizations from the preparation phase through full operation and seamless integration of the Zero Trust model.
Ryu Je-Myung, Deputy Minister for the Office of Network Policy at MSIT, emphasized the urgency of transitioning to a Zero Trust security framework in light of increasingly sophisticated cyber threats and the proliferation of advanced digital technologies.
He stated, “This guideline will serve as an essential reference for the practical implementation of Zero Trust security models across various industries. The government remains committed to supporting the broader adoption of Zero Trust by domestic enterprises.”
For further information, please contact the Public Relations Division (Phone: +82-44-202-4034, E-mail: msitmedia@korea.kr) of the Ministry of Science and ICT.
Please refer to the attached PDF.