Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Membership
Join as an Organization
Enterprises
Solution Providers
Contact Us
Current Members
Initiatives & Partnerships
AI Safety Initiative
CxO Trust
Zero Trust Advancement Center
Trusted Cloud Providers
Trusted Cloud Consultant
Other Opportunities
Event Sponsorships
Join as Individual
Chapters
Circle Community Forum
Research Working Groups
Volunteer Opportunities
STAR Program
STAR Home
STAR Registry
Submit to Registry
Provide Feedback
Certified STAR Auditors
STAR Enabled Solutions
Stay compliant in the cloud
CCAK Training
STAR Lead Auditor Training
Training for Government Agencies
Governance, Risk & Compliance Tools
Cloud Controls Matrix (CCM)
Consensus Assessment Initiative Questionnaire (CAIQ)
EU Cloud Code of Conduct
STAR Level 1
At level one organizations submit a self-assessment.
View companies at level one
Learn about level one
STAR Level 2
At level two organizations earn a certification or third-party attestation.
View companies at level two
Learn about level two
Certificates & Training
Online Platform
Knowledge Center
CSA Exams
Events
Learn and network while you earn CPE credits.
Virtual Events & Webinars
Event Sponsorships
Certificates
Certificate of Cloud Security Knowledge (CCSK)
Certificate of Cloud Auditing Knowledge (CCAK)
Certificate of Competence in Zero Trust (CCZT)
Digital Badges
Trainings
Zero Trust Training (ZTT)
Cloud Infrastructure Security Training
STAR Lead Auditor Training
Advanced Cloud Security Practitioner (ACSP) Training
CCSK Train the Trainer
Training Network
Become an Instructor
Become a Training Partner
Specialized Training Options
Train my entire team
Training for Government Agencies
Research
CSA Research
Latest Research
Working Groups
Open Peer Reviews
Research Topics
Strategic Initiatives
AI Safety Initiative
Zero Trust Advancement Center
CxO Trust
Trusted Cloud Consultant
FinCloud Security
Thought Leadership
CloudBytes Webinars
Blog
Getting Started with CSA Research
Cloud security best practices
Assess your cloud compliance
Security questionnaire for vendors
Top threats to cloud computing
Awards & Recognition
Juanita Koilpillai Awards
Research Fellows
Critical Topics
AI Safety Initiative
AI Technology and Risk
AI Governance & Compliance
AI Controls
AI Organizational Responsibilities
Enterprise Architecture
Blockchain
Zero Trust
DevSecOps
Top Threats
Cloud 101CircleEventsBlog

Zero Trust Resource Hub

The latest in guidance, architectures, and more from industry leaders.

Home
Sponsors
Working Group
Events
Training
Exam
Resource Hub
Home
Zero Trust
Resources
With the help of cybersecurity organizations and experts, this online center showcases the most important, curated Zero Trust publications and resources in the industry.

Latest News

CISA establishing new office focused on zero trust
FedScoop
Published: 02/15/2024
Unveiling the Dark Arts of Exploiting Trust
Cloud Security Alliance
Published: 05/14/2024
Zero Trust & Identity and Access Management: Mitigating Shadow Access
Cloud Security Alliance
Published: 05/10/2024
The Future of Cloud Cybersecurity
Cloud Security Alliance
Published: 04/29/2024
CCZT, the industry’s first Zero Trust certificate

Browse Resources

Neutral Solution Provider

A resource is classified as vendor neutral when it does not pertain to any particular vendor product or service.

Single Solution Provider

A resource is classified as vendor-specific when it refers or pertains specifically to their product or service.

Multiple Solution Provider

A resource is classified as multi-vendor or multi-provider when it is developed by multiple vendors and refers specifically to their products or services.

Sort by
Publication date
Filter by
Content Type
Solution Provider Neutrality
Language
Organization
Reset all filters
Add Zero Trust content to the Resource Hub
Submit here
Add Zero Trust content to the Resource Hub
Submit here

This is the keynote address from the founder of Zero Trust. It provides a good high-level overview of Zero Trust architecture principles, strategy, and a five-step implementation methodology.   

View

FutureCon Keynote Address - John Kindervag
Release date: 02/16/2022
Recordings
Neutral
ON2IT
View ⟶

View

US Federal Zero Trust Strategy (M-22-09)
Release date: 01/26/2022
Policy
Neutral
US OMB
View ⟶

Zero Trust solutions are critical to meeting the mandates in President Biden’s Executive Order on Improving the Nation’s Cybersecurity. The implications of a diverse solutions landscape and challenges to deliver a Zero Trust Architecture (ZTA) are explored in this paper. 

View

Toward a Zero Trust Architecture
Release date: 10/27/2021
Architecture
Neutral
CSA-DC Chapter
View ⟶

Directional executive order from the White House for improving the US cybersecurity posture. The press release for the EO can be found here.   

This document is being provided by Cloud Security Alliance. 

View

Executive Order on Improving the Nation’s Cybersecurity (Executive Order 14028)
Release date: 05/12/2021
Policy
Neutral
US President
View ⟶

Zero Trust Security uniquely covers the breadth of enterprise security and IT architectures, providing substantive architectural guidance and technical analysis with the goal of accelerating your organization‘s journey to Zero Trust. 

View

Zero Trust Security: An Enterprise Guide
Release date: 02/27/2021
Books
Neutral
Jason Garbis & Jerry Chapman
View ⟶

The US Department of Defense ZT Reference Architecture is a key CSA ZT source document that describes ZT standards and capabilities. ZT is a security strategy and framework that embeds security throughout the architecture to prevent unauthorized access. It provides zones for visibility and positions mechanisms throughout the architecture to secure, manage and monitor every device, user, application, and transaction. 

A foundational tenet of ZT is that no internal or external actor, system, network, or service is trusted. Instead, we must verify anything and everything attempting to establish access. It is a dramatic paradigm shift in how we secure infrastructure, networks, and data.

View

DoD Zero Trust Reference Architecture
Release date: 02/24/2021
Architecture
Neutral
US DoD CIO
View ⟶

NSA cybersecurity guidance explains the Zero Trust security model and its benefits, as well as challenges for implementation. It discusses the importance of building a detailed strategy, dedicating the necessary resources, maturing the implementation, and fully committing to the Zero Trust model to achieve the desired results. The following recommendations will assist cybersecurity leaders, enterprise network owners, and administrators who are considering embracing this modern cybersecurity model.

View

Embracing a Zero Trust Security Model
Release date: 02/01/2021
Guidance
Neutral
US National Security Agency
View ⟶

This report addresses the technical, social, policy, and regulatory issues associated with creating trust frameworks in a Zero Trust world. Industry and government are called to solve issues in ways that continue to protect the right to user privacy. 

View

Earning Trust in the 21st Century
Release date: 01/26/2021
Guidance
Neutral
CSA-DC Chapter
View ⟶

The US National Institute of Standards and Technology (NIST) Zero Trust Architecture (ZTA) document describes ZT for enterprise security architects. It is meant to aid understanding of ZTA and provide an enterprise implementation roadmap for zero trust security concepts. Cybersecurity managers and network administrators may also gain ZTA insight from IT. It is not intended to be a single deployment plan for ZTA as enterprises will have unique business use cases and data assets to safeguard. Starting with a solid understanding of the organization’s business and data will result in a strong approach to zero trust. 

View

Zero Trust Architecture (SP 800-207)
Release date: 08/10/2020
Architecture
Neutral
NIST
View ⟶

Zero Trust using Software-Defined Perimeter principles allows organizations to defend new variations of old attack methods in perimeter-centric networking models. This paper will show how SDP can be used to implement ZTNs and why SDP is applied to network connectivity. 

View

Software-Defined Perimeter (SDP) and Zero Trust
Release date: 05/27/2020
Guidance
Neutral
Cloud Security Alliance
View ⟶

The CSA Software Defined Perimeter (SDP) Architecture Guide is designed to leverage proven, standards-based components to stop network attacks against application infrastructure. The architecture guide will help increase awareness and adoption of SDP and ZT, improve understanding of how SDP can be used in different environments, and help enterprises successfully deploy SDP solutions and ZT architecture recommendations. 

View

SDP Architecture Guide V2
Release date: 05/07/2019
Architecture
Neutral
English
Cloud Security Alliance
View ⟶

The US Department of Defense Acquisition University's Cybersecurity Channel includes recordings of the entire  4/4-5/23 DoD ZT Symposium that the DOD hosted virtually in collaboration with the CSA and MIT Lincoln Labs. John Kindervag's session is on Day 1 and CSA CTO and Industry Panel sessions are on Day 2.

View

DoD Zero Trust Symposium & DAU Cybersecurity Event Recordings
Release date: 04/21/1900
Recordings
Neutral
DoD Defense Acquisition University (DAU)
View ⟶

This guidance is aimed at those implementing a zero trust architecture in an enterprise environment - this includes public and private sectors.

The principles within this guidance will help you design and review a zero trust architecture that meets your organization's individual requirements.

There are many vendors and open source offerings providing zero trust based services. These principles will help you select which combination of services can best support your journey to zero trust.

View

Zero Trust Architecture Design Principles
Release date: 04/21/1900
Architecture
Neutral
United Kingdom National Cybersecurity Center
View ⟶
Elevate your security posture with Zero Trust Training
Discover more Zero Trust resources
Read the BlogJoin the Working Group