
Publication Peer Review

Map the Transaction Flows for Zero Trust

Open Until: 09/16/2024

Zero Trust has emerged as a paradigm shift in cybersecurity strategy, advocating a "never trust, always verify" approach. The objective of this document is to provide guidance for iteratively executing the second step in the five-step Zero Trust implementation process described in the NSTAC Report to the President on Zero Trust and Trusted Identity Management, originally formulated and socialized by John Kindervag. Separate CSA research documents are being developed to elaborate detailed guidance for each of the five steps, the first of which is Defining the Protect Surface.


A key step in successfully implementing Zero Trust is mapping the transaction flows for a protect surface to understand how the business system works, with the ultimate goal of defining and enforcing security policies in subsequent steps. This paper provides guidance on mapping transaction flows for the Devices, Assets, Applications, and Services (DAAS) elements comprising a protect surface, establishing granular visibility into communication between those elements, with other protect surfaces, and with users and external services.


As transaction flows are mapped and understood in detail, protect surface metadata and documentation are refined to provide the necessary inputs for building the Zero Trust architecture in step 3 and the policy enforcement points in step 4. As one moves through the steps, it is important to gather, iteratively validate, and refine this information to make the design more granular. Zero Trust implementation is an iterative, progressively elaborated process flow.

Peer review period has ended.