Connected and autonomous vehicles (CAVs) are the future of personal and public transportation, but many security issues exist related to the communication and activity of such transportation means. Beyond the obvious, these security issues raise important safety concerns for a CAV’s human occupants. Our focus is on the ubiquitous use of controller area network (CAN) bus technology for internal vehicle networks (IVNs) and how we can secure them with the rigid implementation of zero trust. Through an analysis of current threat vectors, we propose a zero-trust architecture to fundamentally protect the individual components that make up a CAV’s sensor and control network through the use of the CAN bus. We use a simulated environment to show how our architectural approach provides net benefits and offer thoughts on the application of the architecture to IVN use cases but also how it might be expanded to inter-CAV communication in the future.