Step 1: Identifying Actors
List users with access to the network—both human and Non-Person Entities
Step 2: Identifying Assets
List of assets that enable administrators to configure, survey, and update enterprise assets.
Step 3: Identifying Key Processes
List data flows and business processes to inform needed access permissions
Step 4: Formulating Policies
Identify upstream and downstream resources and entities that are used by or affected by the workflow.
Step 5: Identifying Solutions
Create a list of solutions for each business process, taking into consideration several factors around users, locations, protocols supported, and other areas.
Step 6: Initial Deployment and Monitoring
Implement developed policies with testing mechanisms in place to understand baseline asset and resource access requests, behavior, and communication patterns.
Step 7: Expanding the Framework
Once initial deployment is tested and workflow policies are refined, network and assets are still monitored, and traffic is logged, stakeholder feedback is encouraged, and the next phase of Zero Trust Architecture can be planned and implemented. If significant changes to the system or workflow are made, the system needs to be modified as well.
