Zero Trust Architecture (ZTA) Expert Group

ZTA Expert Group Meeting Minutes 12/21

    Posted Dec 22, 2021 12:14:00 PM

    Hello all,

    Thank you for the thoughtful discussion yesterday. The meeting minutes have been updated and can be found here: https://drive.google.com/drive/folders/1fc9g7vUEuDA3qLDLk-0xoH12e_ZHRkA8 

    NOTE: Module 3 has been updated with Daniele's suggested text and is highlighted in yellow. Please review the new unit 3.2 and the Dynamic Firewall section in 3.4.

    The recording for this meeting and future meetings can be found in the Library of the ZTA SME Circle group, along with the agendas/meeting minutes and other relevant ZTA artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved.

    All Modules for the ZTA Training as well as the ZTA Glossary can be found here: https://drive.google.com/drive/folders/1RRq8MTFh19NCxw8bf5FH8Qito31mEC3F?usp=sharing

    As a reminder, small groups have started up again. Each of you should've already been assigned to one and invited via a calendar invite. If you did not receive a calendar invite or if you are not assigned to a team, please let us know.

    Note: Team 1 and Team 3 were merged and Team 1 will join Team 3's call on Thursdays. There will be no Team 1 call on Tuesdays moving forward.

    Team 2: Wednesday 2pm-3pm (PT): Module 4 - SDP Architectures and Implementation Approaches

    Team 1/3: Thursday 8am-9am (PT): Module 3 - SDP Key Features and Technologies

    Action Points (APs): 

    1. 3.1.1- The Shifting Perimeter Challenge 

      1. Jake Kline was assigned to review this section by 12/23.

        1. We broke it up into multiple suggestions like you suggested.

      2. Matthew Meersman, please address your analogy comments for this section by 12/23.

        1. We need to continue the analogy to show how a bad actor defeats the security implementation.

        2. Sentence 3 translates analogy to networking. Sentences 4 and 5 change to threat description.

    2. 3.1.2.1- Limitations of the "Connect First, Authenticate Second" Model

      1. Matthew Meersman, please continue to work on this section by 12/23.

    3. 3.1.2.1.1- Access before Authentication

      1. Matthew Meersman, please rewrite to include physical building analogy and stay at a consistent level by 12/23

    4. 3.1.2.1.2-3.1.2.1.4 Broad Network Connectivity & Exposure

      1. Matthew Meersman, please review this section for structure and make sure it defines the limitations, not the solutions, by 12/23

    5. 3.1.4- How SDP Addresses Traditional Architectural Challenges

      1. Leon was assigned to outline how SDP addresses the previous limitations by 12/23. 

    6. 3.2- Hiding of Infrastructure

      1. Michael Roza and Prasad were assigned to review this section by 12/23

    7. 3.3.1.2- Reduced Risk of Forged Certificates

      1. Leon was assigned to add a sentence about OCSP for this subsection by 12/23.

    8. 3.5.1- Access Management Monitoring, 5.5.2- Access Management Review

      1. Jake Kline was assigned to write on these sections by 12/23.

    9. 3.6- Identity & Access Management & Subsections (3.6.1- 3.6.3.3 Cross-domain Identity Management Systems)

      1. Heinrich, Remo, and Michael Herndon will continue rewriting this section and its subsections by 12/23.

      2. They are to communicate and work together via email.

    10. 3.6.2.2- RBAC

      1. Michael Herndon was assigned to review the SDP and contextualize this section with the SDP by 12/23.

    11. 3.7- Separately Tunneled Layer Access

      1. Leon was assigned to check this section to ensure this is not repeated in another section by 12/23.

    12. 3.8- Network Micro-segmentation

      1. Abhishek Singh, would you please review this section by 12/23. 

    13. Assigned to all, Quiz Questions

      1. Thank you to those who have submitted already 

      2. Quiz question folder added to volunteer folder so you all can see each other's questions/ see examples :) 

        1. https://drive.google.com/drive/folders/1RRq8MTFh19NCxw8bf5FH8Qito31mEC3F

      3. Quiz question audit 

        1. https://docs.google.com/document/d/1O81NSw2HMwmAsFQpDug-ICMovh9vKsKPAeilMsZ1puQ/edit



    ------------------------------
    Reza Safari
    Training administration intern
    CSA
    ------------------------------