Hosted formally by The Open Group Security Forum, the Zero Trust Architecture (ZTA) Working Group is a collaboration between the Security Forum and Architecture Forum—participation in this working group is granted to all Silver and Academic Members of both the Security Forum and the Architecture Forum as well as all Gold and Platinum Members of The Open Group.
The ZTA Working Group is an industry-wide initiative to establish standards and best practices for Zero Trust as
the overarching information security approach for the Digital Age.
To inquire about joining the ZTA Working Group, contact Forum Director John Linford at firstname.lastname@example.org.
In recent times, “zero trust architecture” (ZTA) has become a hot topic, constituting a holistic capability addressing components in the entire IT ecosystem. The scope of Zero Trust includes people, process, technology, risk, compliance, and operations. The overarching nature of Zero Trust has resulted in its key drivers being on both the end user side and the supply side, and an overwhelming interest in Zero Trust coupled with a lack of clarity on what it means, standards around it, and how it should be approached.
Zero Trust reflects a transition from the traditional approach of perimeter-based security to a security operating model that is business-enabling and data-centric. However, traditional, perimeter-based approaches are unable to support the requirements of the Digital Age, including drivers such as modern rates of change, the transition to cloud environments, and the disruption brought about by Digital Evolution.
The ZTA Working Group intends to provide clarity by creating an ecosystem of interested end-user and vendor organizations, publish vendor- and technology-neutral standards, and create business guidance for industry participants.
Within the ZTA Working Group, there are several projects devoted to clarifying and describing Zero Trust and Zero Trust Architecture.
Zero Trust Core Principles Project
The Zero Trust Core Principles Project has already published its first document: the Zero Trust Core Principles White Paper. This document describes the key aspects of Zero Trust, including providing industry standard definitions for both Zero Trust and ZTAs and explaining the key drivers, requirements, and capabilities behind implementing Zero Trust. The document also defines an initial set of Zero Trust Core Principles, leveraging previous work by the Jericho Forum™ to influence their content and structure.
The ZTA Working Group is now refining and explaining the initial Core Principles in The Open Group Guide: Axioms for Zero Trust, taking a similar approach to The Open Group Guide: Axioms for the Practice of Security Architecture: clearly and concisely defining the Core Principles and their importance. The Guide is meant to provide more detail on the Core Principles and offer illustrative examples of them. A companion document will be published alongside the Axiom for Zero Trust Guide, stating each Axiom concisely and clearly.
To inquire about joining the Zero Trust Core Principles Project, contact Forum Director John Linford at email@example.com.
Zero Trust Landscape Project
The information security world is full of misconceptions and confusions about “Zero Trust” and “Zero Trust Architecture”—different organizations define the concepts differently and inconsistently. The Zero Trust Landscape Project intends to identify and describe where and why those differences occur. This will allow the ZTA Working Group to develop content most useful both to end users and to vendors.
To capture this content, the ZTA Working Group is creating the Zero Trust Landscape White Paper. It will contain the results of two industry surveys: one for end users (CISOs, Chief Security Architectures, etc.), and one for product/offering vendors/owners. These survey results will be complemented by research from the ZTA Working Group, incorporating the views of analysts, academia, and other standards organizations. The ZTA Working Group intends to update this document annually, allowing for analysis of longitudinal changes in perspectives and understanding.
To inquire about joining the Zero Trust Landscape Project, contact Forum Director John Linford at firstname.lastname@example.org.
Zero Trust Reference Architecture Project
The ultimate goal of the ZTA Working Group is to create and publish a Zero Trust Reference Architecture that demonstrates and defines how to implement Zero Trust.
To aid in the creation of the Zero Trust Reference Architecture, the ZTA Working Group is first creating an initial conceptual Zero Trust Reference Model based on industry input and use cases. The Reference Model will be a higher-level document focused more on strategic direction and conceptual guidance and will allow for reference implementations to be contributed. These reference implementations will aid in the creation of the Zero Trust Reference Architecture.
This project will utilize The Open Group Snapshot process, publishing regular updates as progress is made and soliciting input from both Members and non-Members of The Open Group to ensure the Zero Trust Reference Model and eventual Zero Trust Reference Architecture meet industry requirements and desires.
This project will also aim to develop complementary documents in order to aid those implementing Zero Trust. Among these are a Business Guide, which will be intended for senior and C-level executives and enterprise architects, that explains what Zero Trust is, its impact on business, and the reasoning for implementing it, as well as a Practitioners Guide, which will be intended for those implementing Zero Trust, that provides a process framework and develops an ontology for Zero Trust.
To inquire about joining Zero Trust Reference Architecture Project, contact Forum Director John Linford at email@example.com.
To inquire about joining and contributing to the Zero Trust Architecture Working Group, contact Security Forum Director John Linford at firstname.lastname@example.org.