Zero Trust Architecture
Hosted formally by The Open Group Security Forum, the Zero Trust Architecture (ZTA) Working Group is a collaboration between the Security Forum and Architecture Forum—participation in this working group is granted to all Silver and Academic Members of both the Security Forum and the Architecture Forum as well as all Gold and Platinum Members of The Open Group. The ZTA Working Group intends to provide clarity by creating an ecosystem of interested end-user and vendor organizations, publish vendor- and technology-neutral standards, and create business guidance for industry participants.
The ZTA Working Group is an industry-wide initiative to establish standards and best practices for Zero Trust as
the overarching information security approach for the Digital Age.
ZTA Working Group Leadership ZTA Working Group Operating Charter
To inquire about joining the ZTA Working Group or participating in any of the active Projects within the ZTA Working Group, contact Forum Director John Linford at j.linford@opengroup.org.
Zero Trust Core Principles Project
This project initially developed the Zero Trust Core Principles White Paper. This document describes the key aspects of Zero Trust, including providing industry standard definitions for both Zero Trust and ZTAs and explaining the key drivers, requirements, and capabilities behind implementing Zero Trust. Based on industry input and feedback, the project published The Open Group Guide: Zero Trust Commandments, taking inspiration from The Open Group Guide: Axioms for the Practice of Security Architecture and the original Jericho Forum® Commandments. The Zero Trust Commandments originate and extend from the Zero Trust Core Principles, providing a non-negotiable list of criteria for Zero Trust.
As the next stage of development, the ZTA Working Group has published the Zero Trust Commandments Snapshot, consolidating and refining the Zero Trust Core Principles White Paper and Zero Trust Commandments Guide. This Standard will embrace the notion of Zero Trust being the security approach for the Digital Age. The new Standard may also act as the basis for a knowledge-based certification program that will complement the Zero Trust Reference Model Standard.
Project Facilitators:
-
Mark Simos, Microsoft
-
Nikhil Kumar, Applied Technology Solutions
-
John Linford, Security & OTTF Director, The Open Group
Zero Trust Reference Architecture Project
The ultimate goal of the ZTA Working Group is to create and publish a Zero Trust Reference Architecture that demonstrates and defines how to implement Zero Trust. The first stage of this has been to produce the Zero Trust Reference Model Snapshot based on industry input and use cases. The Reference Model is a higher-level document focused more on strategic direction and conceptual guidance and will allow for reference implementations to be contributed. These reference implementations will aid in the creation of the Zero Trust Reference Architecture.
This project will utilize The Open Group Snapshot process, publishing regular updates as progress is made and soliciting input from both Members and non-Members of The Open Group to ensure the Zero Trust Reference Model and eventual Zero Trust Reference Architecture meet industry requirements and desires.
This project will also aim to develop complementary documents in order to aid those implementing Zero Trust. Among these are a Business Guide, which will be intended for senior and C-level executives and enterprise architects, that explains what Zero Trust is, its impact on business, and the reasoning for implementing it, as well as a Practitioners Guide, which will be intended for those implementing Zero Trust, that provides a process framework and develops an ontology for Zero Trust.
Project Facilitators:
- Mark Simos, Microsoft
- Nikhil Kumar, Applied Technology Solutions
Zero Trust Implementation Project
The Zero Trust Implementation Project is focused on producing a guide that allows organizations to identify their starting part in the process of implementing Zero Trust and to prioritize actions based on the identified starting point and goals. Implementing Zero Trust requires collaboration and increased communication across the entire organization as well as efficient, deliberate use of new tools. This project will describe the process required to implement Zero Trust and improve the security of the organization.
The Guide will deliberately complement the Zero Trust Commandments and the Zero Trust Reference Model publications from the ZTA Working Group, referencing the 3-Pillar Model and capabilities detailed in the Zero Trust Reference Model and providing specific guidance on practicable steps to take when implementing Zero Trust, while remaining neutral on tools and products. The Guide will also work to complement the Open Dependability through Assuredness (O-DA) Framework.
This project will also incorporate business considerations from implementing Zero Trust, addressing impacts on people and process (i.e., going beyond technical implementation considerations). This will allow organizations to communicate across teams and ensure consistent and coherent implementation throughout the organization.
Project Facilitators:
- Hasan Yasar, CMU SEI
- Mark Simos, Microsoft
- Nikhil Kumar, Applied Technology Solutions
Zero Trust Glossary and Roles Project
The Zero Trust Glossary & Roles Project is focused on producing a set of top-level, relevant terms and definitions pertaining to Zero Trust. This work will be included in the Portfolio of Open Digital Standards – Glossary & Roles (S222) document. The terms and roles identified will be included in the forthcoming knowledge-based, individual Zero Trust Certification Program.
The objective is to provide definitions of glossary items and roles used within the Zero Trust Body of Knowledge and supporting materials, including but not limited to…
- Zero Trust Reference Model (Standard)
- Zero Trust Commandments Standard
Project Facilitator
- Mike Leuzinger, Security Forum Vice-Chair; Nationwide Insurance