Free Resources · Advisory & Education

Civilian Zero Trust

A free, three-part security field manual for high-risk individuals and the small organizations that support them. We translated the U.S. government's Zero Trust doctrine, the framework used to defend its most sensitive systems, into steps a capable person can actually execute without an IT department. This is part of Houston Labs' free advisory and education work: closing the gap between the security resources institutions have and the rest of us have.

/ The series
01

Start here · The Primer

Zero Trust Implementations for High-Risk Individuals & Small Organizations

The conceptual foundation. Builds your threat model, introduces the seven-pillar Zero Trust framework, and shows why it applies to civilians, with concrete scenarios for targeted individuals, travel, family, finances, and incident response.

  • Threat landscape & mindset
  • All seven pillars explained
  • Real-world scenarios & master checklist
↓  Download PDF Accessible PDF/UA · 2026
02

Implementation · Phase One

Phase One: Build Your Foundation

Hands-on execution. Establish a genuinely secure baseline across all seven pillars, accounts, devices, apps, data, network, automation, and visibility, with no IT department and no unlimited budget. Every chapter ends in a checklist you complete.

  • Step-by-step, pillar by pillar
  • Baseline vs. elevated measures
  • NSA ZTIG Phase One, adapted for civilians
↓  Download PDF Accessible PDF/UA · 2026
03

Implementation · Phase Two

Phase Two: Integrate and Advance

Raise the bar. Connect controls that were deployed separately, add phishing-resistant authentication, tighten segmentation, and turn a pile of individual settings into a coherent security posture. Builds directly on Phase One.

  • Integration across pillars
  • Stronger auth & segmentation
  • NSA ZTIG Phase Two, adapted for civilians
↓  Download PDF Accessible PDF/UA · 2026

Independent civilian adaptation. This series adapts the NSA Zero Trust Implementation Guideline (2026), a U.S. government work in the public domain. It is not affiliated with, authorized by, sponsored by, or endorsed by the National Security Agency or any U.S. government agency. It is vendor-neutral: no security product is sold and no vendor is paid for inclusion. Each guide is a tagged, screen-reader-accessible PDF (PDF/UA-1). Security is a practice, not a guarantee; verify tools against current sources before relying on them.