The Augustine Infrastructure Trust Framework
The framework that makes infrastructure a first-class trust dimension — the architecture, the Trust Assertion, and how it completes Zero Trust. Start here.
Zero Trust verifies who is asking. It does not verify whether the infrastructure on the other side is fit to be trusted right now. That gap — between a verified identity and an unverified environment — is the whole reason this framework exists. This page is the map; the field notes linked throughout go deeper on each piece.
One equation
The framework reduces to a single idea:
Identity Trust (Zero Trust) × Infrastructure Trust (SAUTERA) = Complete Trust Decision
Zero Trust governs who may act. Infrastructure Trust governs whether the environment is fit to be acted on. Neither is complete alone, and the decision that matters is computed where they meet — at the moment of access, on every request. We unpack the gap itself in "Zero Trust tells you who, it can't tell you whether."
Two volumes
The Augustine Infrastructure Trust Framework is published in two parts:
- ITA — the Infrastructure Trust Architecture. The product-agnostic, vendor-neutral architecture: the principles, the trust signal, and the decision and enforcement model. It complements Zero Trust without modifying NIST SP 800-207.
- ITCM — the Infrastructure Trust Conveyance Mechanism. How a derived trust verdict can be conveyed in-band — carried with the traffic rather than looked up after the fact — so any enforcement point on the path can act on it. The enabling mechanism is patent-pending; this framework describes its purpose, not its internals.
Underneath both sits an honest scoring model — how raw telemetry becomes a defensible verdict, and when it refuses to.
The signal: a Trust Assertion
The architecture's output is a Trust Assertion (TA) — a small, scoped, time-bound, confidence-aware verdict about one entity, designed to be read alongside an identity claim at decision time. It is the portable unit the whole framework moves around. More on the TA as a signal in "the Trust Assertion", and on what's inside the score in "what the trust score actually measures".
Four commitments that make it trustworthy
The framework takes positions most scoring systems skip:
- Supportability, not age. A maintained four-year-old system can be healthier than an abandoned new one. We score whether software is supported and defended — never the date on the asset tag. Deep dive: "supportability, not age".
- Unknown is an answer. When coverage is too thin to conclude, a device reads Unknown — not a flattering default. A false green is worse than no green: "Unknown is an answer".
- Catastrophic findings disqualify. An unsupported OS or an exposed management surface caps the verdict, regardless of otherwise-clean vitals. A weighted average is the wrong instrument for a gunshot wound.
- Trust is a trajectory. A verdict has an expiry; it is re-derived continuously as the facts move. The dangerous host is the one you trusted correctly and never looked at again — right at design time, wrong by Tuesday.
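The four commitments above, combined with the identity check from the one-equation section, sketched as a scoring function. This is an added example, not SAUTERA's or the framework's own code: the field names, the 0.6 coverage floor, the 40-point cap, the 80/50 verdict bands, the 24-hour lifetime and the `step_up` outcome are all assumptions chosen for illustration.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

# All thresholds below are illustrative assumptions, not framework values.
MIN_COVERAGE = 0.6          # below this, telemetry is too thin to conclude
CATASTROPHIC_CAP = 40       # ceiling applied when a disqualifying finding exists
TTL = timedelta(hours=24)   # every verdict expires and must be re-derived
CATASTROPHIC = {"unsupported_os", "exposed_mgmt_surface"}

@dataclass(frozen=True)
class TrustAssertion:
    entity: str
    verdict: str            # "trusted" | "degraded" | "untrusted" | "unknown"
    score: Optional[int]    # None when the verdict is "unknown"
    confidence: float       # fraction of expected telemetry actually observed
    expires: datetime

def derive(entity, vitals, findings, coverage, supported, now):
    """vitals: name -> 0..100. No age input exists; only support status counts."""
    expires = now + TTL
    if coverage < MIN_COVERAGE or not vitals:
        # Unknown is an answer: never default to green on thin evidence.
        return TrustAssertion(entity, "unknown", None, coverage, expires)
    score = round(sum(vitals.values()) / len(vitals))
    if not supported:
        findings = set(findings) | {"unsupported_os"}
    if CATASTROPHIC & set(findings):
        score = min(score, CATASTROPHIC_CAP)   # cap the verdict, don't average it
    verdict = "trusted" if score >= 80 else "degraded" if score >= 50 else "untrusted"
    return TrustAssertion(entity, verdict, score, coverage, expires)

def decide(identity_verified, ta, now):
    """Identity trust AND infrastructure trust; an expired assertion reads as unknown."""
    if not identity_verified:
        return "deny"
    if ta.verdict == "unknown" or now >= ta.expires:
        return "step_up"    # assumption: policy routes unknowns to extra checks
    return "allow" if ta.verdict == "trusted" else "deny"

if __name__ == "__main__":
    now = datetime(2025, 1, 1, tzinfo=timezone.utc)   # constructed sample input
    ta = derive("fw-02", {"patch": 95, "config": 91}, ["exposed_mgmt_surface"], 0.9, True, now)
    print(ta.verdict, ta.score, decide(True, ta, now))
```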
How it runs in practice
Trust is read continuously, decided against policy, enforced within human-governed bounds, and proven by closing the loop — so the evidence is a by-product of the remedy, not a separate fire drill. See "continuous, observed, enforced"; "compliance evidence, not a fire drill"; and a worked example in "anatomy of a trust decision".
Where to start
Adopt it the way the architecture intends — incrementally. Generate trust signals for visibility, then let them inform planning, then let them shape enforcement; stop at any stage without losing the thread.
See how SAUTERA scores infrastructure trust, or read the trust & security story for the full ITA / ITCM model.
SAUTERA™ is the reference implementation of the Augustine Infrastructure Trust Framework. Infrastructure Trust + Identity Trust — the complete trust decision.
Written by
Joe Augustine
Author of the Infrastructure Trust Architecture (ITA) and the Infrastructure Trust Conveyance Mechanism (ITCM) — the standard organizations use to decide whether infrastructure can be trusted.