Forrester’s Zero Trust (ZT) Model of information security demands that security teams eliminate the dangerous trust assumptions underpinning legacy, perimeter-based security architectures. When organizations embrace a ZT mindset, they assume that malicious actors have already infiltrated their environment and are stealing valuable data. ZT metrics provide security leaders with accurate measures of the firm’s competence to defend the firm’s employees, customers, and sensitive intellectual property. This report provides security leaders with sample strategic, operational, and tactical metrics they can use to measure their security program.