As increasing numbers of "smart" sensors and actuators are introduced into the electrical grid, the cyber security factor grows in significance, necessitating the implementation of information assurance controls for devices at all levels within the grid communications network. Determining the appropriate controls for any particular device first requires identifying its place within an established trust model. This paper aims to define a multilevel framework for a trust model to be used throughout the electrical grid. Assume compromise of control systems - A primary objective in developing this model is to support a distributed rather than hierarchical control system architecture based on the core assumption that the compromise of grid control system components and subsystems will always be to some extent unavoidable. Rather, therefore, than attempting to create an all-encompassing enclave of trust, our control system architectural model suggests that systems be designed in ways to narrow the sphere of implied trust by expecting the compromise of adjacent systems, thereby reducing the sphere of vulnerability. By starting with an expectation of control system component compromise or lack of trust, subsystem designs can be implemented with independent rather than dependent cyber security and energy control data flows. The term High Assurance Smart Grid (HASG) refers to a Smart Grid with a control system architecture characterized by a distributed architecture that is designed to mitigate against widespread failures when control system components themselves are compromised. Lessons-learned and best practices are adopted from power engineering, information technology, cyber security, and other disciplines to build the described HASG model.