Zero Trust Architecture (ZTA) Expert Group

ZTA Expert Group Meeting Minutes 12/7

  • 1.  ZTA Expert Group Meeting Minutes 12/7

    Posted Dec 07, 2021 03:51:00 PM

    Hello all,

    Thank you for the thoughtful discussion today. The meeting minutes have been updated and can be found here:

    The recording for this meeting and future meetings can be found in the Library of the ZTA SME Circle group, along with the agendas/ meeting minutes, and other relevant ZTA artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZTA Training as well as the ZTA Glossary can be found here:

    As a reminder, small groups have started up again. Each of you should've already been assigned to one and invited via a calendar invite. If you did not receive a calendar invite or if you are not assigned to a team please let us know.

    Note: Team 1 and Team 3 were merged and Team 1 will join Team 3's call on Thursdays. There will be no Team 1 call on Tuesdays moving forward.

    Team 2: Wednesday 2pm-3pm (PT): Module 4 -  SDP Architectures and Implementation Approaches

    Team 1/3: Thursday 8am-9am (PT): Module 3 - SDP Key Features and Technologies

    Action Points (APs): 

    1. Assigned to all, to review the Module 1 self-paced content by 12/14.

      1. We are asking that everyone at least review one unit. CSA will send out unit assignments and please let us know if you do not have time to review or would like to be assigned to a different unit.

      2. Module 1

        1. Unit 1:

        2. Unit 2:

        3. Unit 3:

        4. Unit 4:

        5. Unit 5:

        6. Unit 6:

        7. Unit 7:

    2. 3.1.1- The Shifting Perimeter Challenge

      1. Matthew Meersman was assigned to continue working on the section by 12/14.

    3. Limitations of the "Connect First, Authenticate Second" Model

      1. Matthew Meersman was assigned to work on this section by 12/14. Also, please work on the sections within (

    4. Traditional Firewall Architecture Shortcoming

      1. Matthew Meersman would like to rewrite this section by 12/14. Reminder: all text is copied and pasted and this section needs to be either deleted or rewritten.

    5. 3.2- Hiding of Infrastructure

      1. Prasad was assigned to review this section by 12/14.

        1. CSA moved the text from 3.7 to section 3.2 under the default drop-all firewall, but now the text needs to be harmonized, and repetitive text needs to be deleted.

    6. Disallows Forged Certificates

      1. Jake Kline was assigned to this section by 12/14

        1. Heinrich provided some alternative text for can you please review and see if this is better. Also, do you have any suggestions for a title change?

    7. 3.6.2 IAM Approaches

      1. Michael Herndon was assigned to work on this section by 12/14.

        1. Please add section ABAC and Section PBAC and other possible approaches. 

    8. and Admin Driven Dynamic Process

      1. Michael Herndon was assigned to work on those sections by 12/14.

    9. 3.5- Secure Remote Access

      1. Jake Kline will continue working on this section as well as subsections; Access Management monitoring, and 3.5.2- Access Management Review, by 12/14.

    Reza Safari
    Training administration intern