Zero Trust Architecture (ZTA) Expert Group

ZTA Expert Group Meeting Minutes 1/11

  • 1.  ZTA Expert Group Meeting Minutes 1/11

    Posted Jan 14, 2022 12:58:00 PM

    Hello all,

    Thank you for the thoughtful discussion. The meeting minutes have been updated and can be found here: https://drive.google.com/drive/folders/1fc9g7vUEuDA3qLDLk-0xoH12e_ZHRkA8 

    NOTE: Module 3 has been updated with Daniele's suggested text and is highlighted in yellow. Please review the new unit 3.2 and the Dynamic Firewall section in 3.4.

    The recording for this meeting and future meetings can be found in the Library of the ZTA SME Circle group, along with the agendas/ meeting minutes, and other relevant ZTA artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZTA Training as well as the ZTA Glossary can be found here: https://drive.google.com/drive/folders/1RRq8MTFh19NCxw8bf5FH8Qito31mEC3F?usp=sharing

    As a reminder, small groups have started up again. Each of you should've already been assigned to one and invited via a calendar invite. If you did not receive a calendar invite or if you are not assigned to a team please let us know.

    Note: Team 1 and Team 3 were merged and Team 1 will join Team 3's call on Thursdays. There will be no Team 1 call on Tuesdays moving forward.

    Team 2: Wednesday 2pm-3pm (PT): Module 4 -  SDP Architectures and Implementation Approaches

    Team 1/3: Thursday 8am-9am (PT): Module 3 - SDP Key Features and Technologies

    Action Points (APs):

    1. 3.1.2.1- Limitations of the "Connect First, Authenticate Second" Model

      1. Matthew Meersman was assigned to add a couple of sentences that outline what comes next. by 1/18

    2. 3.1.2.1.4- Traditional Firewall Architectures Shortcomings

      1. Matthew Meersman was assigned to include a new generation of the firewall as part of it. by 1/18

      2. Heinrich was assigned to describe SDP's value in distributing inspection to other servers/entities. by 1/18

    3. 3.1.3- Complexity of Integrating Security Controls 

      1. Leon was assigned to move this section to the first limitation section by 1/18.

    4. 3.2.2.3- Alternatives to SPA

      1. Prasad was assigned to find/use a diagram from SDP_Specification_2.0 by 1/18.

    5. 3.3.1.2- Reduced Risk of Forged Certificates

      1. Leon was assigned to specify which identified CA could be used by 1/18.

    6. 3.6- Identity & Access Management

      1. Leon was assigned to check for content conflicts and look at SDP_Specification_2.0. by 1/18. 

    7. 3.6.2.1- ABAC and 3.6.2.2- RBAC

      1. Assigned to all, please provide some feedback/suggestions for those sections by 1/18. 

    8. 3.6.2.3- Policy-Based Access Control (PBAC)

    a. Michael Herndon was assigned to add a couple of sentences and note that we will cover this more in-depth in module 4. by 1/18



    ------------------------------
    Reza Safari
    Training administration intern
    CSA
    ------------------------------