Certificate of Competence in Zero Trust (CCZT)

There are no prerequisites required for the CCZT, we recommend that students have at least a basic understanding of networks and network security. It is not essential, but recommended to have some knowledge of cloud security topics e.g. QAPCCS, CCSKPLUS or CCSP.

Covering eight areas of Zero Trust knowledge, the Zero Trust Training (ZTT) outlines how to put measures in place to ensure that the systems and their components operate appropriately and are continuously verified. ZTT enables you to understand and implement Zero Trust principles into business planning, enterprise architectures, and technology deployments.

You will learn about the eight areas of zero trust knowledge;

• Zero Trust Strategy & Governance, Risk and Compliance
• Zero Trust Architecture
• Zero Trust Planning & Implementation
• Visibility, Analytics & Monitoring
• Identity & Software Defined Perimeter (SDP)
• Data, Assets, Applications, and Services (DAAS)
• Device Security
• Applications and Workloads

Learning Outcomes - Upon completion of this course, you will be able to:

• Explain what SDP is, how it came about, and what its technology and business benefits are
• Communicate the problems that SDP solves
• State some of SDP’s underlying technologies
• Distinguish between the basic types of SDP deployments
• Demonstrate understanding of the Zero Trust Maturity Model, and how it supports an organisation's Zero Trust planning process
• Identify the crucial Zero Trust planning steps and key considerations
• Understand Zero Trust pre-requisites and common Zero Trust use cases
• Possess a working knowledge of how industry-recognised methods, such as gap analysis, risk register, and RACI diagrams, fit into a Zero Trust planning process
• Demonstrate an understanding of the concepts of Protect and Attack surface
• Demonstrate understanding of how to map organisational data flows within the scope of the Zero Trust approach
• Demonstrate an understanding of how to plan Zero Trust policies
• Demonstrate an understanding of variables to consider when planning for a Zero Trust target architecture
• Identify the assumptions and considerations for continuing the Zero Trust journey
• Explain the main Zero Trust project implementation preparatory activities
• Outline Zero Trust Architecture implementation steps
• Leverage Zero Trust pillars and cross-cutting capabilities to organize tasks and documentation of workflow
• Visualise and document security workflow architecture using transaction flow diagrams and tables
• Design testing procedures that can be repeated and generate audit trails

The Zero Trust Training (ZTT) curriculum covers essential areas of zero trust knowledge, including strategy and governance, architecture, planning and implementation, identity, device security, and more.

Module 1 - Introduction to Zero Trust Architecture

• Definitions, Concepts, & Components of ZT
• Objectives of Zero Trust
• Benefits of Zero Trust
• Planning Considerations ZTA
• ZTA Implementation Examples
• Zero Trust Use Cases

Module 2 - Introduction to Software-Defined Perimeter

• Software-Defined Perimeter History, Benefits, & Concepts
• Traditional Architecture Issues & SDP Solutions
• Core Tenets, Underlying Technologies, & Architecture
• The Basics of SDP Deployment Models

Module 3 - Zero Trust Planning

• Starting the Zero Trust Journey
• Planning Considerations
• Scope, Priority, & Business Case
• Gap Analysis
• Define the Protect Surface & Attack Surface
• Document Transaction Flows
• Define Policies for Zero Trust
• Developing a Target Architecture

Module 4 - Zero Trust Implementation

• Continuing the ZT Journey
• ZT Project Implementation Considerations
• Implementation Preparation Activities
• ZT Target Architecture Implementation

EXAM

Each Exam Voucher, included in your course provides 2 attempts. Should you not be successful on your first attempt, another will be credited to your CSA Exam Account. Exam Vouchers have a 2-year expiration date and are non-transferable.