Free Resources · Advisory & Education
+Civilian Zero Trust
+A free, three-part security field manual for high-risk individuals and the small organizations that support them. We translated the U.S. government's Zero Trust doctrine, the framework used to defend its most sensitive systems, into steps a capable person can actually execute without an IT department. This is part of Houston Labs' free advisory and education work: closing the gap between the security resources institutions have and the rest of us have.
+Start here · The Primer
+Zero Trust Implementations for High-Risk Individuals & Small Organizations
+The conceptual foundation. Builds your threat model, introduces the seven-pillar Zero Trust framework, and shows why it applies to civilians, with concrete scenarios for targeted individuals, travel, family, finances, and incident response.
+-
+
- Threat landscape & mindset +
- All seven pillars explained +
- Real-world scenarios & master checklist +
Implementation · Phase One
+Phase One: Build Your Foundation
+Hands-on execution. Establish a genuinely secure baseline across all seven pillars, accounts, devices, apps, data, network, automation, and visibility, with no IT department and no unlimited budget. Every chapter ends in a checklist you complete.
+-
+
- Step-by-step, pillar by pillar +
- Baseline vs. elevated measures +
- NSA ZTIG Phase One, adapted for civilians +
Implementation · Phase Two
+Phase Two: Integrate and Advance
+Raise the bar. Connect controls that were deployed separately, add phishing-resistant authentication, tighten segmentation, and turn a pile of individual settings into a coherent security posture. Builds directly on Phase One.
+-
+
- Integration across pillars +
- Stronger auth & segmentation +
- NSA ZTIG Phase Two, adapted for civilians +
Independent civilian adaptation. This series adapts the NSA Zero Trust Implementation Guideline (2026), a U.S. government work in the public domain. It is not affiliated with, authorized by, sponsored by, or endorsed by the National Security Agency or any U.S. government agency. It is vendor-neutral: no security product is sold and no vendor is paid for inclusion. Each guide is a tagged, screen-reader-accessible PDF (PDF/UA-1). Security is a practice, not a guarantee; verify tools against current sources before relying on them.
+