Zero Trust Architecture (ZTA) Expert Group

Back to discussions
Expand all | Collapse all

October 11, 2022 - ZTT Expert Group Meeting Minutes & Action Points

  • 1.  October 11, 2022 - ZTT Expert Group Meeting Minutes & Action Points

    Posted Oct 13, 2022 11:52:00 AM

    Hello all,

    Thank you all for the thoughtful discussion on Tuesday, the 11th. The meeting minutes have been updated and can be found here.

    The recording for this meeting and future meetings can be found in the Library of the ZTT SME Circle group, along with the agendas/meeting minutes, and other relevant ZTT artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZT Training as well as the ZTT Glossary can be found here. All ZT/SDP External Resources

    NoteIf you are a new volunteer, please read modules 1-5 to get a good concept of the ZT/SDP training. 

    Prior to our next meeting on October 13th, 2022, all volunteers are expected to be familiar with the Module 6 outline and NIST 1800-35 document linked below. 

    Action Points:

    1. All are assigned to review the ZT Implementation Outline - Module 6. 

      1. Please provide feedback by October 13, 2022. 

        1. Please note: at this time there are no comments from our volunteers within this outline. 

      2. The above outline is based on NIST 1800-35B

        1. All are assigned to review the document above to have a solid understanding of what Module 6 will cover. 

    2. All please be aware that we are still in need of ZT experts, like yourself, for the creation of the  ZTT exam.  For our expert group members, there is no application process, as we automatically approve members.

      1. We are planning our kick-off call in the next few weeks so please reach out to me if you'd like to be included in this opportunity.

    3. Module 5: ZT Planning

      1. 5.2.5 Organizational Security Policies

        1. Heinrich has agreed to review this section to ensure language is updated to an above-mentioned title (please complete by Thursday, October 13, 2022) 

    Internal Action Points:

    1. CSA Internal to complete M5: ZT Planning edits by Thursday, 10/13

      1. Technical Writer to create connecting sentences in Unit 5.2: Planning Considerations to connect to subsection 5.2.6: Organizational Security Policies 

     Working Group Information: 

    The revamped CSA ZT Research working group aims to help develop and socialize Zero Trust standards and guidance for secure cloud, hybrid and mobile endpoint environments. This group will have nine distinct workstreams that address specific aspects of an end-to-end ZT architecture and implementation.

    1. Zero Trust as a Philosophy & Guiding Principles

    2. Zero Trust Organizational Strategy & Governance

    3. Pillar: Identity*

    4. Pillar: Device

    5. Pillar: Network/Environment

    6. Pillar: Applications & Workload

    7. Pillar: Data

    8. Automation, Orchestration, Visibility & Analytics

    9. Zero Trust Architecture, Implementation, and Maturity Model

    1. Workgroup members can sign up at https://csaurl.org/zt-signup. SMEs with ZT experience can volunteer for a workstream leadership or lead author role for one or more workstreams if you have the bandwidth. (BTW Registering requires creating or signing into your CSA Circle or Google account.).

    2. After you've signed up to join the working group you can volunteer for specific workstreams and express interest in leadership roles by emailing [email protected] (if you haven't already). (We're working on a more sophisticated signup page that will enable workstream and role election at signup time but it's not yet available.)

      1. Link to workgroup charter: Zero Trust Working Group Charter 2022 - Final V1

      2. Each workstream is developing its own mini-charter.

      3. CSA ZT Slack:    csa-public.slack.com - #zero-trust-working-group.

    3.  Join using this URL: https://csaurl.org/csa-public-slack

    4. The Zero Trust Working Group's kick-off meeting was held on August 18, 2022. We discussed plans for the working group and the various workstreams we'll be spinning up to address the broad scope of Zero Trust. Participating is a great way to meet industry peers and experts who are also focused on developing and discussing zero-trust strategies, architecture and implementation guidance. Meeting Recording linked here.

      1. Access Passcode: CSAZTWG22!

      2. Kickoff Deck: CSA Zero Trust 2022 Kickoff.pptx

     
    Thank you all for your time and commitment to this group,
    Chandler Curran 
    Training Project Administrator 
    Cloud Security Alliance 


    ------------------------------
    Chandler Curran
    Training Project Administrator
    Cloud Security Alliance
    ------------------------------