Hosted formally by The Open Group Security Forum, the Zero Trust Architecture (ZTA) Working Group is a collaboration between the Security Forum and Architecture Forum—participation in this working group is granted to all Silver and Academic Members of both the Security Forum and the Architecture Forum as well as all Gold and Platinum Members of The Open Group. The ZTA Working Group intends to provide clarity by creating an ecosystem of interested end-user and vendor organizations, publish vendor- and technology-neutral standards, and create business guidance for industry participants.
The ZTA Working Group is an industry-wide initiative to establish standards and best practices for Zero Trust as
the overarching information security approach for the Digital Age.
To inquire about joining the ZTA Working Group or participating in any of the active Projects within the ZTA Working Group, contact Forum Director John Linford at firstname.lastname@example.org.
Zero Trust Core Principles Project
The Zero Trust Core Principles Project has already published its first document: the Zero Trust Core Principles White Paper. This document describes the key aspects of Zero Trust, including providing industry standard definitions for both Zero Trust and ZTAs and explaining the key drivers, requirements, and capabilities behind implementing Zero Trust. The document also defines an initial set of Zero Trust Core Principles, leveraging previous work by the Jericho Forum™ to influence their content and structure.
The ZTA Working Group recently published The Open Group Guide: Zero Trust Commandments, taking inspiration from The Open Group Guide: Axioms for the Practice of Security Architecture and the original Jericho Forum® Commandments. The Zero Trust Commandments originate and extend from the Zero Trust Core Principles, providing a non-negotiable list of criteria for Zero Trust.
- Nikhil Kumar, Applied Technology Solutions
Zero Trust Landscape Project
The information security world is full of misconceptions and confusions about “Zero Trust” and “Zero Trust Architecture”—different organizations define the concepts differently and inconsistently. The Zero Trust Landscape Project intends to identify and describe where and why those differences occur. This will allow the ZTA Working Group to develop content most useful both to end users and to vendors.
To capture this content, the ZTA Working Group is creating the Zero Trust Landscape Guide. It will contain the results of an annual industry survey for end users (CISOs, Chief Security Architectures, etc.) and product/offering vendors/owners. These survey results will be complemented by research from the ZTA Working Group, incorporating the views of analysts, academia, and other standards organizations. The ZTA Working Group intends to update this document annually, allowing for analysis of longitudinal changes in perspectives and understanding.
- Altaz Valani, Security Forum Vice-Chair; Security Compass
- Malcolm Shore, The SABSA Institute
Zero Trust Reference Architecture Project
The ultimate goal of the ZTA Working Group is to create and publish a Zero Trust Reference Architecture that demonstrates and defines how to implement Zero Trust.
To aid in the creation of the Zero Trust Reference Architecture, the ZTA Working Group is first creating an initial conceptual Zero Trust Reference Model based on industry input and use cases. The Reference Model will be a higher-level document focused more on strategic direction and conceptual guidance and will allow for reference implementations to be contributed. These reference implementations will aid in the creation of the Zero Trust Reference Architecture.
This project will utilize The Open Group Snapshot process, publishing regular updates as progress is made and soliciting input from both Members and non-Members of The Open Group to ensure the Zero Trust Reference Model and eventual Zero Trust Reference Architecture meet industry requirements and desires.
This project will also aim to develop complementary documents in order to aid those implementing Zero Trust. Among these are a Business Guide, which will be intended for senior and C-level executives and enterprise architects, that explains what Zero Trust is, its impact on business, and the reasoning for implementing it, as well as a Practitioners Guide, which will be intended for those implementing Zero Trust, that provides a process framework and develops an ontology for Zero Trust.
- Ken Street, Conexiam
- Nikhil Kumar, Applied Technology Solutions