Zero Trust Architecture (ZTA) Expert Group

Zero Trust Maturity Model initiative - July 14 Meeting Notes

  • 1.  Zero Trust Maturity Model initiative - July 14 Meeting Notes

    Posted Jul 18, 2022 05:45:00 AM

    Hello all – Thanks for joining the most recent Zero Trust Maturity Model working session, on July 14. We reviewed and discussed the Appgate Zero Trust Maturity Model.

    Meeting Recording: 

    Note that the meeting content starts at 8:00 into the recording

    Meeting Notes

    July 14 Meeting - review of Appgate Maturity Model

    Appgate Maturity Model File: https://drive.google.com/file/d/1HrJ54brU6WdFCq VCuDxzfgpCIX84d-3O/view?usp=sharing Also at https://d3aafpijpsak2t.cloudfront.net/docs/eBook/Zero_Trust_Maturity_Model_Roadmap-Guide.pdf

    • 4 stages vs the 3 in the CISA model, and the 5 in the NSTAC document
    • Orgs are not at the same level across tracks
      • you could be a 0 for MFA, and a 2 for identity providers
      • We should make sure to communicate this clearly 
    • Potential for an online tool / survey
      • Concern about orgs not wanting this data to be stored online / in a cloud environment
      • This is a concern but not a showstopper for a potential online tool
    • ZT Definition - should we align with / review the ZT Training course that the CSA is working on? yes.
      • Plan to have someone from the ZT Expert Group review the Training course
        • Overall agenda and topics
        • ZT Definition
      • We'll do this in an upcoming ZTMM working session
    • Walkthrough of the pillars
      • Identity, Devices, Networks/Environments, Applications/Workloads, Data
      • Overlay pillars: Visibility and Analytics, Automation and Orchestration, Policy

    Next meeting - Thursday, July 28 at 8am EDT - which is 12:00 UTC / GMT, and 8pm China Standard Time, 9pm Japan Standard Time

    We will post the meeting Zoom link within 36 hours of the next meeting

    Topic: Recap of our ZTMM reviews to date, and opening the discussion for what we should create as a working group, now that our initial set of reviews are done. Note: We will have this discussion over the next 2 meetings, in order to accommodate people in all time zones