Zero Trust Architecture (ZTA) Expert Group

Back to discussions
Expand all | Collapse all

ZTA Expert Group Meeting Minutes 11/23

  • 1.  ZTA Expert Group Meeting Minutes 11/23

    Posted Nov 29, 2021 11:01:00 AM

    Hello all,

    Thank you for the thoughtful discussion last Tuesday. The meeting minutes have been updated and can be found here: https://drive.google.com/file/d/1NMaDfJVFIm2_jG3lfCOwCk0vUQ4DOttp/view?usp=sharing

    The recording for this meeting and future meetings can be found in the Library of the ZTA SME Circle group, along with the agendas/ meeting minutes, and other relevant ZTA artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZTA Training as well as the ZTA Glossary can be found here: https://drive.google.com/drive/folders/1RRq8MTFh19NCxw8bf5FH8Qito31mEC3F?usp=sharing

    As a reminder, small groups have started up again. Each of you should've already been assigned to one and invited via a calendar invite. If you did not receive a calendar invite or if you are not assigned to a team please let us know.

    Note: Team 1 and Team 3 were merged and Team 1 will join Team 3's call on Thursdays. There will be no Team 1 call on Tuesdays moving forward.

    Team 2: Wednesday 2pm-3pm (PT): Module 4 -  SDP Architectures and Implementation Approaches

    Team 1/3: Thursday 8am-9am (PT): Module 3 - SDP Key Features and Technologies

    Action Points (APs): 

    1. Section 3.1.1- The Shifting Perimeter

      1. Matthew Meerman was assigned to work on this section by 11/30.

    2. Section 3.1.2- The IP Address Challenge 

      1. Matthew Meerman was assigned to work on this section by 11/30

    3. Section 3.1.2.1- Capabilities required to mitigate the Connect first, Authenticate second model security weaknesses

      1. Leon was assigned to create a new title/conform to the challenge (not the solution)/find another more appropriate section by 11/30.

    4. Section 3.1.3- Integrating Security Controls

      1. Matthew Meerman was assigned to work on this section by 11/30.

    5. Section 3.1.4- SDP Key Features and Technologies 

      1. Matthew Meerman was assigned to work on this section by 11/30.

    6. Sections 3.2-3.2.2.3 Hiding of Infrastructure, Attack Detection 

      1. We need a good flow between this section and section 3.7- Dynamic Firewall

        1. Jake Kline was assigned to work on it by 11/30.

    7. Section 3.2.2- Single Packet Authorization

      1. Leon was assigned to work on this section by 11/30. 

    8. Sections 3.3-3.3.1.3 Mutual Transport Layer Authentication, MITM Protection

      1. We need the current text reviewed, as well as new text for those sections. Additionally, should any new sections be added?

        1. Abhishek was assigned to work on it by 11/30. 

    9. Sections 3.4- 3.4.3.2 The Access Model Based on the Principles of Least Privilege and Need to Know 

      1. Michael Herdon was assigned to review those sections by 11/30.

    10. Section 3.4.2- Policy driven authorization and access 

      1. Vani was assigned to work on this section by 11/30.

    11. Sections 3.5 and 3.5.1 Dynamic Access Control 

      1. Remo was assigned to write content for those sections by 11/30. 

    12. Sections 3.6- 3.6.2 Secure Remote Access

      1. Rajesh was assigned to write content for those sections by 11/30.

    13. Section 3.7- Dynamic Firewall

      1. Prasad and Jake Kline were assigned to work on harmonizing this section with section 3.2 by 11/30.

    14. 3.7.1.2- Fused multi-Source Intelligence

      1. Leon will work on this section by 11/30.

    15. Sections 3.7.1.4.1 -3.7.1.4.4 Dynamic Firewall

      1. Leon will work on those sections by 11/30.

    16. 3.7.2- Shortcomings of Firewall Architecture

      1. Leon was assigned to rewrite it by 11/30.

      2. Lauren was assigned to propose what the vision should be of this section and the title by 11/30. 

    17. Section 3.7.3- Policy Driven 

      1. Prasad was assigned to work on this section by 11/30. 

    18. Sections 3.8- 3.8.3.3 Identity & Device-Driven Access Control 

      1. Sam Reddy was assigned to work on those sections by 11/30.

    19. Assigned to all, please review the SDP m2 self-paced training by 11/30

      1. SDP Unit 1: https://360.articulate.com/review/content/c46b89bb-f091-4486-a86e-d2cf6c883f69/review

      2. SDP Unit 2: https://360.articulate.com/review/content/efd099cb-e172-4fc4-aa02-d39cf04953ab/review

      3. SDP Unit 3: https://360.articulate.com/review/content/5e731c62-6fa7-486f-93c3-b6d6c859238a/review

      4. SDP unit 4: https://360.articulate.com/review/content/75bb32af-ebff-4a75-b486-726fb0f9782d/review

    20. Assigned to all, help us write quiz questions

      1. 10 questions/ unit 

      2. Item form 

        1. https://docs.google.com/document/d/1VUTUMYUJcVc9FT__ga5-zkNcw0vGB4VQC6giI8b_xWU/edit?usp=sharing

      3. Item guidelines

        1. https://docs.google.com/document/d/1Rq--uvdLyxIpJJt_n-wAZ8iytwnX8aJWIh4p83NhoLM/edit?usp=sharing

    21. Assigned to all, if you have not already, please read the SDP Spec v2 and Architecture Guide attached. 

      1. This will be crucial for writing M3-6.

    22. Assigned to all, if you have not already please review M2, introduction to SDP.

      1. This was written using the Architecture Guide and SDP Spec v1 doc.

    23. Assigned to all, if you would like your profile picture and name displayed on the CSA website for any research publications you helped create, please also fill out this form with your headshot & bio: https://airtable.com/shrWCABzTtYhNj60C


    ------------------------------
    Reza Safari
    Training administration intern
    CSA
    ------------------------------