To provide defense in depth, the principles of zero-trust architecture, as elaborated by NIST, need to be adopted in system design and operation. Data should be protected across all three phases of its lifecycle: at rest, in motion, and in use.