Zero Trust Architecture (ZTA) Expert Group

ZTA Expert Group Meeting Minutes 11/30

  • 1.  ZTA Expert Group Meeting Minutes 11/30

    Posted Dec 01, 2021 04:41:00 PM

    Hello all,

    Thank you for the thoughtful discussion yesterday. The meeting minutes have been updated and can be found here: https://drive.google.com/file/d/1NMaDfJVFIm2_jG3lfCOwCk0vUQ4DOttp/view?usp=sharing

    The recording for this meeting and future meetings can be found in the Library of the ZTA SME Circle group, along with the agendas/ meeting minutes, and other relevant ZTA artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZTA Training as well as the ZTA Glossary can be found here: https://drive.google.com/drive/folders/1RRq8MTFh19NCxw8bf5FH8Qito31mEC3F?usp=sharing

    As a reminder, small groups have started up again. Each of you should've already been assigned to one and invited via a calendar invite. If you did not receive a calendar invite or if you are not assigned to a team please let us know.

    Note: Team 1 and Team 3 were merged and Team 1 will join Team 3's call on Thursdays. There will be no Team 1 call on Tuesdays moving forward.

    Team 2: Wednesday 2pm-3pm (PT): Module 4 -  SDP Architectures and Implementation Approaches

    Team 1/3: Thursday 8am-9am (PT): Module 3 - SDP Key Features and Technologies

    Action Points (APs):

    1. Module 3-SDP Key Features and Technologies
      1. Section 3.1.1- The Shifting Perimeter

        1. Matthew Meerman was assigned to work on this section by 12/2.

      2. Section 3.1.2- The IP Address Challenge 

        1. Matthew Meerman was assigned to work on this section by 12/2.

      3. Section 3.1.2.1- Capabilities required to mitigate the Connect first, Authenticate second model security weaknesses

        1. Leon was assigned to create a new title/conform to the challenge (not the solution)/find another more appropriate section by 12/2.

      4. Section 3.1.3- Integrating Security Controls

        1. Matthew Meerman was assigned to work on this section by 12/2.

      5. Section 3.1.4- SDP Key Features and Technologies 

        1. Matthew Meerman was assigned to work on this section by 12/2.

      6. Sections 3.2-3.2.2.3 Hiding of Infrastructure, Attack Detection 

        1. We need a good flow between this section and section 3.7- Dynamic Firewall

        2. Jake Kline was assigned to work on it by 12/2.

      7. Section 3.2.2- Single Packet Authorization

        1. Leon was assigned to work on this section by 12/2. 

      8. Sections 3.3-3.3.1.3 Mutual Transport Layer Authentication, MITM Protection

        1. We need the current text reviewed, as well as new text for those sections. Additionally, should any new sections be added?

        2. Abhishek was assigned to work on it by 12/2. 

      9. Sections 3.4- 3.4.3.2 The Access Model Based on the Principles of Least Privilege and Need to Know 

        1. Michael Herdon was assigned to review those sections by 12/2.

      10. Section 3.4.2- Policy driven authorization and access 

        1. Vani was assigned to work on this section by 12/2.

      11. Sections 3.5 and 3.5.1 Dynamic Access Control 

        1. Remo was assigned to write content for those sections by 12/2. 

      12. Sections 3.6- 3.6.2 Secure Remote Access

        1. Rajesh was assigned to write content for those sections by 12/2.

        2. Jake Kline was assigned to work on it by 12/2.

      13. Section 3.7- Dynamic Firewall

        1. Prasad and Jake Kline were assigned to work on harmonizing this section with section 3.2 by 12/2.

      14. 3.7.1.2- Fused multi-Source Intelligence

        1. Leon will work on this section by 12/2.

      15. Sections 3.7.1.4.1 -3.7.1.4.4 Dynamic Firewall

        1. Leon will work on those sections by 12/2.

      16. 3.7.2- Shortcomings of Firewall Architecture

        1. Leon was assigned to rewrite it by 12/2.

        2. Lauren was assigned to propose what the vision should be of this section and the title by 12/2. 

      17. Section 3.7.3- Policy Driven 

        1. Prasad was assigned to work on this section by 12/2. 

      18. Sections 3.8- 3.8.3.3 Identity & Device-Driven Access Control 

        1. Sam Reddy was assigned to work on those sections by 12/2.

    2. Module 4-SDP Architectures and Implementation Approaches

      1. Sam Reddy and Leon were assigned to work on section 4.2.6- Device Validation by 12/1.

      2. Rich Lee was assigned to section 2.4- SDP Architecture Considerations, by 12/1. 

      3. Shinesa Cambric was assigned to work on section 4.3.2- Authentication Phase, by 12/1.

      4. Nishanth was assigned to review sections 4.1 through 4.3 by 12/1. 

      5. Naresh was assigned to work on section 4.1- SDP Architecture Components, section 4.1.1.1- SDP Controller Integration Points, and section 4.1.1.2- SDP Controller Responsibilities: Keys and Certificates by 12/1.

      6. Robert Morris was assigned to work on section 4.3.1- Onboarding Phase, by 12/1.

    3. Assigned to all to review and look at the current changes in unit 4.3 by 12/1. 

    4. Assigned to all, help us write quiz questions

      1. 10 questions/ unit 

      2. Item form 

        1. https://docs.google.com/document/d/1VUTUMYUJcVc9FT__ga5-zkNcw0vGB4VQC6giI8b_xWU/edit?usp=sharing

      3. Item guidelines

        1. https://docs.google.com/document/d/1Rq--uvdLyxIpJJt_n-wAZ8iytwnX8aJWIh4p83NhoLM/edit?usp=sharing

    5. Assigned to all, if you have not already, please read the SDP Spec v2 and Architecture Guide attached. 

      1. This will be crucial for writing M3-6.

    6. Assigned to all, if you have not already please review M2, introduction to SDP.

      1. This was written using the Architecture Guide and SDP Spec v1 doc.

    7. Assigned to all, if you would like your profile picture and name displayed on the CSA website for any research publications you helped create, please also fill out this form with your headshot & bio: https://airtable.com/shrWCABzTtYhNj60C


    ------------------------------
    Reza Safari
    Training administration intern
    CSA
    ------------------------------