Zero Trust Architecture (ZTA) Expert Group

October 20, 2022 - Expert Group Meeting Minutes and Action Points


    Posted Oct 27, 2022 09:27:00 AM

    Hello all,

    Thank you all for the thoughtful discussion Thursday (10/20). The meeting minutes have been updated and can be found here.

    The recording for this meeting and future meetings can be found in the Library of the ZTT SME Circle group, along with the agendas/meeting minutes, and other relevant ZTT artifacts, such as the charter. The Circle group is invite-only, so if you do not have access to this group, please let us know ASAP and we can get that resolved. 

    All Modules for the ZT Training as well as the ZTT Glossary can be found here. All ZT/SDP External Resources

    Note: If you are a new volunteer, please read modules 1-5 to get a good concept of the ZT/SDP training. 

    All, please be aware, we ask that volunteers review the ZT Planning Module -M5 document by EOD October 31, 2022

     

    On Thursday (10/13), we assigned portions of the Module 6 outline to be reviewed. 1 person was assigned to review their entire unit (ex. 6.1) while other volunteers have been assigned to review sections within (ex. 6.1.1).

    All have been asked to consider the following while reviewing: 

    1. What all needs to be covered in an Implementation module (overall)?

    2. Do there need to be additional sections in the unit?

    3. Do sections need some subsections?

    4. Do we need to remove sections in the unit?

    5. Are there sections that we need to cover that aren't covered in NIST 1800-35b?

    6. Do we need to change the title of any sections?

    The goal is to finalize the outline before moving forward with writing assignments.

     

    Action Items (some carry over from 10/13):

    1. All assigned to review the ZT Planning Module -M5 by EOD October 31, 2022

    2. All assigned to review the ZT Implementation Outline - Module 6. 

      1. Please provide feedback by October 20, 2022. 

        1. Above outline is based on NIST 1800-35B. All assigned to review to have a solid understanding of what Module 6 will cover. 

    3. 6.1 Implementing Zero Trust 

      1. 6.1.1 Enhanced Identity Governance 

        1. Heinrich and Shruti to comment their thoughts regarding the NPE vs. Machine vs. Human and Identity/Entity discussion (See internal action point below)

      2. 6.1.2 Implementation Architecture 

        1. Aunudrei agreed to update section based on group's feedback from Thursday meeting by 10/27

      3. 6.1.3 Example Implementation Architecture & Build Features 

        1. Ron K. agreed to update section based on group's feedback from Thursday meeting by 10/27

          1. Madhav has expressed interest in assisting Ron with this review  (outstanding)

    4. 6.2 Creating Technology Policies 

      1. 6.2.1 ZTA Supporting Components for Policies 

        1. Madhav assigned to review this section by 10/20 (Outstanding)

    5. 6.3 Continuous Operation & Improvement 

      1. Michael H. assigned to review this unit by 10/20 (Outstanding)

    6. 6.4 ZT Implementation Project Risk Management 

      1. Alex S. assigned to review this unit by 10/27 (In Progress) 

      2. Alex and Leon have decided to work on this section's structure together

      3. All please comment on this section with your feedback by 10/27

        1. Since this unit is the largest section, we would like to ensure this unit gets substantial feedback from you all.

    Internal Action Point:
    1. CSA internal teams to discuss and confirm the terminology regarding Human vs. NPE vs. Machine and Entity vs. Identity.
     
    Thank you for your time and commitment,
    Chandler Curran 
    Training Project Administrator 
    Cloud Security Alliance 

