Security specialty

Zero Trust Architecture

Browse every cataloged workflow for zero trust architecture, with source context, tags, and security framework mappings intact.

Complete collection

Skills in this domain

17 skills

cybersecuritySkill

Configuring AWS Verified Access for ZTNA

Configure AWS Verified Access to provide VPN-less zero trust network access to internal applications using identity and device posture verification with Cedar policy language.

Zero Trust Architecture
awsaws-ramcedar-policydevice-posture+5
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring Identity-Aware Proxy with Google IAP

Configuring Google Cloud Identity-Aware Proxy (IAP) to enforce per-request identity verification for Compute Engine, App Engine, Cloud Run, and GKE services using access levels, context-aware policies, and programmatic access with service accounts.

Zero Trust Architecture
access-context-managerapp-enginecloud-rungcp+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring Microsegmentation for Zero Trust

Configure microsegmentation policies to enforce least-privilege workload-to-workload access using tools like VMware NSX, Illumio, and Calico, preventing lateral movement in zero trust architectures.

Zero Trust Architecture
lateral-movementmicrosegmentationnetwork-accessnetwork-security+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Configuring Zscaler Private Access for ZTNA

Configuring Zscaler Private Access (ZPA) to replace traditional VPN with zero trust network access by deploying App Connectors, defining application segments, configuring access policies based on user identity and device posture, and integrating with IdPs.

Zero Trust Architecture
access-policyapp-connectorsasezero-trust+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Deploying Cloudflare Access for Zero Trust

Deploying Cloudflare Access with Cloudflare Tunnel to provide zero trust access to self-hosted and private applications, configuring identity-aware access policies, device posture checks, and WARP client enrollment for VPN replacement.

Zero Trust Architecture
cloudflarecloudflare-accesscloudflare-onecloudflare-tunnel+3
ATT&CK, 4 mappingsNIST CSF, 4 mappingsATLAS, 3 mappingsAI RMF, 4 mappings
cybersecuritySkill

Deploying Palo Alto Prisma Access Zero Trust

Deploying Palo Alto Networks Prisma Access for SASE-based zero trust network access using GlobalProtect agents, ZTNA Connectors, security policy enforcement, and integration with Strata Cloud Manager for unified security management.

Zero Trust Architecture
globalprotectpalo-altoprisma-accesssase+3
ATT&CK, 4 mappingsNIST CSF, 4 mappingsAI RMF, 3 mappings
cybersecuritySkill

Deploying Software-Defined Perimeter

Deploy a Software-Defined Perimeter using the CSA v2.0 specification with Single Packet Authorization, mutual TLS, and SDP controller/gateway configuration to enforce zero trust network access.

Zero Trust Architecture
network-accesssdpsoftware-defined-perimeterzero-trust+1
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Deploying Tailscale for Zero Trust VPN

Deploy and configure Tailscale as a WireGuard-based zero trust mesh VPN with identity-aware access controls, ACLs, and exit nodes for secure peer-to-peer connectivity.

Zero Trust Architecture
aclheadscaleidentity-awaremesh-vpn+5
ATT&CK, 4 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing BeyondCorp Zero Trust Access Model

Implementing Google's BeyondCorp zero trust access model to eliminate implicit trust from the network perimeter, enforce identity-aware access controls using IAP, Access Context Manager, and Chrome Enterprise Premium for VPN-less secure application access.

Zero Trust Architecture
access-context-managerbeyondcorpgoogle-cloudiap+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing CISA Zero Trust Maturity Model

Implement the CISA Zero Trust Maturity Model v2.0 across the five pillars of identity, devices, networks, applications, and data to achieve progressive organizational zero trust maturity.

Zero Trust Architecture
applicationscisadata-securitydevices+7
ATT&CK, 3 mappingsNIST CSF, 4 mappingsAI RMF, 5 mappings
cybersecuritySkill

Implementing Device Posture Assessment in Zero Trust

Implementing device posture assessment as a zero trust access control by integrating endpoint health signals from CrowdStrike ZTA, Microsoft Intune, and Jamf into conditional access policies that enforce compliance before granting resource access.

Zero Trust Architecture
conditional-accesscrowdstrike-ztadevice-postureendpoint-compliance+3
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Identity Verification for Zero Trust

Implement continuous identity verification for zero trust using phishing-resistant MFA (FIDO2/WebAuthn), risk-based conditional access, and identity governance aligned with the CISA Zero Trust Maturity Model.

Zero Trust Architecture
authenticationidentityidentity-verificationmfa+1
ATT&CK, 5 mappingsNIST CSF, 4 mappingsATLAS, 1 mappingAI RMF, 3 mappings
cybersecuritySkill

Implementing Microsegmentation with Guardicore

Implementing microsegmentation using Akamai Guardicore Segmentation to map application dependencies, create granular network policies, visualize east-west traffic flows, and enforce least-privilege communication between workloads across data centers and cloud.

Zero Trust Architecture
akamaieast-west-trafficguardicorelateral-movement+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Zero Trust DNS with NextDNS

Implement NextDNS as a zero trust DNS filtering layer with encrypted resolution, threat intelligence blocking, privacy protection, and organizational policy enforcement across all endpoints.

Zero Trust Architecture
dnsdns-filteringdns-over-httpsdns-over-tls+5
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Zero Trust for SaaS Applications

Implementing zero trust access controls for SaaS applications using CASB, SSPM, conditional access policies, OAuth app governance, and session controls to enforce identity verification, device compliance, and data protection for cloud-hosted services.

Zero Trust Architecture
casbconditional-accessoauth-governancesaas-security+3
ATT&CK, 5 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Zero Trust Network Access with Zscaler

Implement Zero Trust Network Access using Zscaler Private Access (ZPA) to replace traditional VPN with identity-based, context-aware access to private applications through the Zscaler Zero Trust Exchange.

Zero Trust Architecture
network-accessvpn-replacementzero-trustzscaler+1
ATT&CK, 3 mappingsNIST CSF, 4 mappings
cybersecuritySkill

Implementing Zero Trust with HashiCorp Boundary

Implement HashiCorp Boundary for identity-aware zero trust infrastructure access management with dynamic credential brokering, session recording, and Vault integration.

Zero Trust Architecture
boundaryhashicorpidentity-aware-proxyjust-in-time-access+4
ATT&CK, 5 mappingsNIST CSF, 4 mappings