m o g h ti b u c . 5 m o c . 5 b u h t i g Software-Defined Perimeter Working Group Software-Defined Perimeter (SDP) Specification 2.0 June TBD The permanent and official location for Software Defined Perimeter Working Group is https://cloudsecurityalliance.org/research/working-groups/software-defined-perimeter m o c . 5 b u h t i g © 2021 Cloud Security Alliance – All Rights Reserved. You may download, store, display on your computer, view, print, and link to the Cloud Security Alliance at https://cloudsecurityalliance.org subject to the following: (a) the draft may be used solely for your personal, informational, non-commercial use; (b) the draft may not be modified or altered in any way; (c) the draft may not be redistributed; and (d) the trademark, copyright or other notices may not be removed. You may quote portions of the draft as permitted by the Fair Use provisions of the United States Copyright Act, provided that you attribute the portions to the Cloud Security Alliance © Copyright 2021, Cloud Security Alliance. All rights reserved. Page 2 of 33 0.1 Document Project Plan Start Date End Date Feb 15, 2019 Start Agree Outline /Assign Sections Revised Outlines /Assign Sections and Writing Writing Writing/Review - Extension Writing/Review - Extension External Peer Review Marketing Publishing 0.1.5 To Do’s / Assignments 0.2 Team / Contributor Composition Contributors Juanita Koilpillai jkoilpillai@waverleylabs.com Jason Garbis jason.garbis@appgate.com Michael Roza Michael.e.roza@gmail.com Entire Initial v2 - Initial review and reorganization of entire v1 document to start v2 SDP Component descriptions, SDP Protocol section updates, Updated diagrams, JSON edits, Onboarding example. Entire document - Made and accepted edits and minor rewrites throughout. b u SDP Deployment models and Workflow table changes. SPA - broader usage section rework mTLS and IKE section h t i g Entire Initial v2 - Initial review and reorganization of entire v1 document to start v2, SDP Protocol section - Identification of errors, inconsistencies, and recommendations for improvement and changes to sequencing images and message text. Summary section - outline. SDP Deployment models and Workflow table changes Entire document - Made and accepted edits and minor rewrites throughout. Bob Flores bob.flores@applicology.com Initial review and reorganization to start v2 Junaid Islam junaid@xqmsg.com Initial review and reorganization to start v2 Daniel Bailey dbailey@waverleylabs.com Benfeng Chen bfchen@clouddeep.ai Eitan Bremler eitan.bremler@safe-t.com Ahmed Refaey Hussein ahmed.hussein@manhattan.edu m o c . 5 Areas of Contribution SDP Component descriptions. SDP Protocol section and workflow. SPA clarification. Onboarding example. SDP Protocol and SPA section update. Updated the SDP protocol workflow for network invisibility, as well as the cryptographic algorithms in SPA messages for security. Review of SDP architecture and components, Controller, Initiating Hosts, Accepting Hosts, Gateways, Deployment Models SDP - SDN - NFV and cloud deployments © Copyright 2021, Cloud Security Alliance. All rights reserved. Page 3 of 33 Acknowledgments Version 2.0 Lead Authors Juanita Koilpillai Jason Garbis Contributors Junaid Islam Bob Flores Daniel Bailey Benfeng Chen Eitan Bremler Michael Roza m o CSA Analysts b u Shamun Mahmud Version 1.0 Contributors c . 5 h t i g Brent Bilger, Alan Boehme, Bob Flores, Zvi Guterman, Mark Hoover, Michaela Iorga, Junaid Islam, Marc Kolenko, Juanita Koilpillai, Gabor Lengyel, Gram Ludlow, Ted Schroeder and Jeff Schweitzer CSA Analysts Shamun Mahmud The Software-Defined Perimeter (SDP) and Zero Trust Working Group is a Cloud Security Alliance (CSA) a research working group will advocate for and promote the adoption of Zero Trust security principles, providing practical and technically sound guidance on how organizations can and should approach this for their cloud and non-cloud environments. This group will build on and leverage the NIST Zero Trust research and approach. The group will also promote SDP as a recommended architecture for achieving Zero Trust benefits and principles. It will revise and expand the SDP specification, to capture and codify the knowledge gained from experience. While promoting and recommending SDP, the group will take an inclusive approach to alternative security architectures and objectively support them as long as they’re aligned with the