Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
Membership
Membership Benefits
Our Member Community
Get Involved
Become a Member
Member-Exclusive Programs
STAR Enabled Solutions
Trusted Cloud Consultant
Trusted Cloud Provider
Certified STAR Auditors
CSA Startup Showcase
Member Portal
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Education
Online Education Platforms
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Chapters
Open Peer Reviews
Research Topics
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Cloud Security Glossary
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Strategic Initiatives
Explore CSA's Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
FinCloud Security
Trusted Cloud Consultant
ChaptersCircleEventsBlog
Learn how to use annual SOC data to shape stronger FinServ security strategies in 2025. Don’t miss this free webinar session on April 22!

Working Group

Software-Defined Perimeter

This group is working to validate and protect the devices and connections on a network.
Software-Defined Perimeter Zero Trust Charter
Software-Defined Perimeter Zero Trust Charter

Download

Research Topics
About Topic
Working Group
Discussion Community
Publications
Home
Research
Working Groups
Software-Defined Perimeter
The Software-Defined Perimeter (SDP) Working Group is no longer active. The SDP Working Group has been folded into the Zero Trust Working Group. The security industry has embraced the architectural goals and objectives of SDP while also expanding and elaborating on the goals and principles of Zero Trust to expand beyond the scope of SDP. We invite you to join the Zero Trust Working Group.

Working Group Overview

This group works to validate and protect the devices and connections on a network. The topics of group discourse are benefits, architectural references, and implementation of a zero trust architecture. In particular, we will use the SDP protocol as a reference to obtain zero trust.

What do we discuss?

During our meetings, we typically discuss changes in the industry and collaborate on projects the group is currently working on. We welcome anyone who would like to join, even if you would like to just listen in on any calls.


Drafts & Important Docs

Working Group Leadership

Bob Flores
Bob Flores

Bob Flores

Co-founder and Partner at Cognitio

Bob Flores is a co-founder and partner of Cognitio. Prior to this, Bob spent 31 years at the Central Intelligence Agency. While at CIA, Bob held various positions in the Directorate of Intelligence, Directorate of Support, and the National Clandestine Service. Toward the end of his career at the CIA, Bob spent three years as the CIA’s Chief Technology Officer where he wa...

Read more

Jason Garbis
Jason Garbis

Jason Garbis

Founder and Principal at Numberline Security

Jason Garbis is Founder and Principal at Numberline Security, a consulting firm helping enterprises prepare for, define, and execute on effective Zero Trust security strategies. Jason has authored several books, including Zero Trust Security: An Enterprise Guide, is co-chair of the Zero Trust Working Group at the Cloud Security Alliance, and is a frequent speaker at industry conferences. Jason holds a CISSP certification, has a BS in Comput...

Read more

Junaid Islam
Junaid Islam

Junaid Islam

Secure Communications Expert

Junaid Islam is the CTO and founder of Vidder which provides distributed access control solutions to Fortune 500 companies. Prior to founding Vidder, Junaid founded Bivio Networks which developed the first Gigabit speed software based securityin the industry. Earlier in his career Junaid helped create networking standards such as Frame Relay, ATM and MPLS while...

Read more

Erik Johnson
Erik Johnson

Erik Johnson

Cloud Security Specialist & Senior Research Analyst, CSA

Worked for the Federal Reserve for many years and volunteered with the CSA with a focus on CCM/CAIQ V4, specifically the STA domain, and developing a comprehensive framework and guidance for defining and managing the cloud shared security responsibility model (SSRM).

I recently retired from the Federal Reserve and am now consulting with the CSA as a Senior Research Analyst with a focus on Zero Trust and Financial Services.

Linke...

Read more

Publications in ReviewOpen Until
Agentic AI Red Teaming GuideApr 27, 2025
AI Consensus Assessments Initiative Questionnaire (AI-CAIQ)Apr 28, 2025
Secure Agentic System Design - A Trait-Based ApproachMay 15, 2025
View all
Want to join this working group? Register or sign-into Circle to get started.
Who can join?

Anyone can join a working group, whether you have years of experience or want to just participate as a fly on the wall.

What is the time commitment?

The time commitment for this group varies depending on the project. You can spend a 15 minutes helping review a publication that's nearly finished or help author a publication from start to finish.

Virtual Meetings

Attend our next meeting. You can just listen in to decide if this group is a good for you or you can choose to actively participate. During these calls we discuss current projects, and well as share ideas for new projects. This is a good way to meet the other members of the group. You can view all research meetings here.

No scheduled meetings for this working group in the next 60 days.

See Full Calendar for this Working Group

Open Peer Reviews

Peer reviews allow security professionals from around the world to provide feedback on CSA research before it is published.

Learn how to participate in a peer review here.

Agentic AI Red Teaming Guide

Open Until: 04/27/2025

Red teaming for Agentic AI requires a specialized approach due to several critical factors. Agentic AI systems demand more ...

Participate in peer review

AI Consensus Assessments Initiative Questionnaire (AI-CAIQ)

Open Until: 04/28/2025

The AI Consensus Assessment Initiative Questionnaire (AI-CAIQ) is an extension of the Cloud Security Allia...

Participate in peer review

Secure Agentic System Design - A Trait-Based Approach

Open Until: 05/15/2025

This paper addresses the security challenges unique to agentic AI systems. As AI transitions from passive tools to autonomo...

Participate in peer review