CCZT Knowledge Guide

The Certificate of Competence in

Zero Trust

Prepare for the industry’s

first authoritative Zero Trust
training and certificate.
Introduction to the CCZT Download Study
With rapid technological advances, new security vulnerabilities are constantly emerging. The Zero Trust model, which Materials

“
operates on the principle of ‘never trust, always verify’, is quickly rising as the most favored cybersecurity strategy to prevent
breaches. Recognizing that organizations have varying security postures and may be challenged to find skilled staff critical to
the development and implementation of a Zero Trust strategy,
CISA Zero Trust Maturity Model Benefits of having
CSA created the Certificate of Competence in Zero Trust (CCZT).
The CCZT includes foundational Zero Trust best practices I’m extremely grateful to the Cloud Security Alliance
Created by the Cybersecurity & Infrastructure Security Agency (CISA), the
your CCZT
released by leading authoritative sources such as, CISA and for taking up the Zero Trust banner with the delivery
Zero Trust Maturity Model is a critical Zero Trust tool CCZT students should
NIST, innovative work around the Software Defined Perimeter of the CCZT, the world’s first authentic, non-vendor- reference as they study for the exam. The maturity model provides guidance
(SDP) by CSA Research, and guidance from renowned Zero
specific training and certificate that delivers the on the development of Zero Trust strategies and implementation plans as an
Trust experts such as John Kindervag, Founder of the Zero Trust
philosophy. This integration of expertise uniquely positions CSA
knowledge needed to understand the core concepts organization moves to a more mature security posture. The maturity model,
of Zero Trust. The sheer volume of passionate which includes five pillars and three cross-cutting capabilities, is based on
as the authoritative source to deliver the industry’s first holistic
the foundations of Zero Trust. Within each pillar, the maturity model provides
benchmark for measuring Zero Trust knowledge. volunteers CSA has been able to bring together to
specific examples of traditional, initial, advanced, and optimal Zero Trust
collaborate on the development of Zero Trust tools
architectures.
Keep up with innovation
The certificate provides an in-depth understanding of Zero Trust and best practices is incredibly exciting. Demand for Zero Trust training is increasing.
architecture, the drivers, benefits, and how to plan for adoption.
According to Gartner, 60% of organizations are
Earning the CCZT is critical for security professionals seeking to Download Now
John Kindervag expected to embrace Zero Trust by 2025.
advance their careers and for organizations who must maintain
strong security postures. Earning the CCZT ensures professionals Creator of Zero Trust,
are equipped to implement the robust security measures required Chief Evangelist at Illumio NIST Zero Trust Architecture
from taking a Zero Trust approach. (SP 800-207)
The US National Institute of Standards and Technology (NIST) Zero Trust
Architecture (ZTA) document describes ZT for enterprise security architects. It
is meant to aid understanding of ZTA and provide an enterprise implementation
Build a competent workforce
roadmap for zero trust security concepts. This includes information on how
and further individual
Who should earn the CCZT?
Cybersecurity managers and network administrators may also gain ZTA insight
from IT. This document is not intended to be a single deployment plan for development
ZTA as enterprises will have unique business use cases and data assets to The CCZT builds a workforce that is proficient
safeguard. Instead, it provides a starting point with a solid understanding of the in implementing and managing Zero Trust
organization’s business and data will result in a strong approach to zero trust. models. This is crucial to keep up with evolving
With Zero Trust established as the future of information
cybersecurity threats.
security, a Zero Trust based approach will inevitably
Download Now
become a requirement for organizations and a
required skill for security professionals. Here are just
a few examples of those who should prepare for this NSTAC Report: Zero Trust and Trusted
inevitability with the CCZT:
Identity Management
• The C-Suite, managers, and decision makers to The US President’s National Security Telecommunications Advisory
build a Zero Trust governance and risk posture Committee (NSTAC) report focuses on Zero Trust and Trusted Identity Ineffectiveness of
• Security engineers, architects, analysts, and Management. This report provides valuable guidance and recommendations traditional security
for implementing Zero Trust and trusted identity management in systems. It
administrators to protect devices and build/ Traditional models are not effective against
helps organizations enhance their cybersecurity posture and protect critical modern threats. Zero Trust assumes no user or
automate controls
infrastructure by adopting a Zero Trust approach. The report emphasizes device can be trusted. Earning the CCZT ensures
• Compliance managers to identify the key components of their Zero Trust governance the significance of strong identity management practices in ensuring secure professionals are equipped to implement the
framework and how it supports an organization’s risk and compliance programs access and authentication within a Zero Trust environment, which is crucial robust security measures required from taking a
• Government agencies looking for training to meet federal mandates, enhance cybersecurity for safeguarding sensitive information and preventing unauthorized access. Zero Trust approach.
and ensure compliance with security directives
Download Now

2 © Copyright 2024, Cloud Security Alliance. All rights reserved. © Copyright 2024, Cloud Security Alliance. All rights reserved. 3
Additional Study Materials No Prerequisites Required
There are no prerequisites required for the CCZT, however it is helpful to have your Certificate of
CSA Research Publications Cloud Security Knowledge (CCSK) or a basic understanding of security fundamentals. Completing
CCZT training is also highly recommended to prepare for the CCZT exam.
CSA Research is created by the industry for the industry and is both vendor-neutral and consensus
driven. Our Zero Trust research publications are created by subject matter experts who volunteer
for CSA’s Zero Trust working group which focuses on developing Zero Trust principles to achieve
consistency for cloud, hybrid and mobile endpoint environments.

To best prepare for the CCZT exam, we recommend reading, at minimum, the following publications
Topics and Domains
from the Zero Trust working group. For additional industry leading resources, check out the Zero
Trust Resource Hub. Topics
The following are the core topics covered throughout the exam. Some topics are covered in
Communicating the Business Value of multiple domains.

Zero Trust Zero Trust Foundational Zero Trust Strategy

Closing the gap between technical and non-technical or non-security Concepts In-depth examination of the Zero Trust
framework from a strategic perspective, from
audiences to improve communication of strategic business value that a General concepts, definitions, goals,
its alignment with organizational objectives,
Zero Trust approach can bring. objectives and benefits of Zero Trust.
to implementation tactics and cultural shifts
required for effective adoption.
Software Defined Perimeter
Download Now The core tenets, underlying technologies,
main architectural components, and Zero Trust Planning
In-depth examination of the crucial
technology and business benefits of SDP,
Zero Trust Guiding Principles a ZTA solution. facets of Zero Trust planning from initial
considerations such as stakeholder
Providing a clear understanding of what Zero Trust security is and the identification and defining your protect
Industry Best Practices surfaces, to organizational security policies
guiding principles that any organization can leverage when planning,
Developing best practices in Zero Trust by
implementing and operating Zero Trust. and compliance.
examining authoritative sources such as CISA’s
Zero Trust Maturity Model and NIST’s Zero
Trust Architecture (SP 800-207), among others. Zero Trust Implementation
In-depth examination of the crucial facets
of Zero Trust implementation, from
Download Now Zero Trust Architecture creating project kick-off documents and
Logical models, key components, workflows, disaster planning, to setting up the network
and design of Zero Trust Architecture.
Zero Trust as a Security Philosophy environment, deploying agents to devices,
and adding automation.

Taking a vendor and technology-neutral look at what Zero Trust

means for an organization and providing recommendations to develop
Domains
a strategy and the supporting architecture necessary to align IT to
business goals and outcomes. The following are the seven domains that provide the structure of the CCZT exam. Domains may
include reference to more than one topic area listed above.

1. Zero Trust and Zero Trust Architecture general 4. Software Defined Perimeter
Download Now
concepts and definitions 5. Zero Trust Strategy
2. Zero Trust goals, objectives, and benefits 6. Zero Trust Planning
3. Zero Trust Architecture logical model and key 7. Zero Trust Implementation
components

4 © Copyright 2024, Cloud Security Alliance. All rights reserved. © Copyright 2024, Cloud Security Alliance. All rights reserved. 5
Choose How to Study Exam Format
The CCZT is an open-book, online exam with 60 multiple-choice
Option 1 questions covering seven core areas of Zero Trust knowledge. Testers
Study on your own have two attempts to complete the exam in the allotted 120-minute
timeframe and achieve a minimum passing score of 80%.
Use the free CCZT Prep-Kit to facilitate your independent
learning style. The kit includes this knowledge guide, FAQ,
overview presentation, and authoritative sources to help you Question Format
prepare. Comprehensive CCZT Study Guides are included with
the purchase of all CCZT exam tokens. To access the Study All questions are multiple choice or true or false. Comprehensive study guides are included in the
Guides, purchase your CCZT exam token then begin your self- purchase of any CCZT exam or training.
paced study. Download the CCZT Prep-Kit and purchase your
exam token to get started.
Exam Difficulty
It may be open-book, but don’t underestimate the difficulty of this exam. Questions are selected
Option 2 at random from the CCZT question pool, so having a solid understanding of each domain and the
Self-paced training online authoritative sources included in the recommended study materials is essential if you want to pass.

If you need training flexible enough for your schedule and budget,
self-paced online training may be a good fit. The CCZT self- Domains # of Questions
paced training delivers the fundamentals needed to understand
the core concepts of Zero Trust covered in the exam. You can
complete CCZT modules on-the-go, without any deadlines, at a 1 Zero Trust and Zero Trust Architecture 6
pace that’s right for you. Access the training on CSA’s Knowledge
general concepts and definitions
Center.

2 Zero Trust goals, objectives, and benefits 4

Option 3 3 Zero Trust Architecture logical model and 3

Instructor-led training online key components

The online, instructor-led CCZT training is good for organizations 4 Software Defined Perimeter 8
with a tight travel budget or individuals who prefer a more
personal instruction. You can learn remotely, while still being 5 Zero Trust Strategy 12
able to ask questions and interact with your instructor. Look for
available instructor-led online classes or contact CSA support for
information on custom in-person or online training options.
6 Zero Trust Planning 16

7 Zero Trust Implementation 11

6 © Copyright 2024, Cloud Security Alliance. All rights reserved. © Copyright 2024, Cloud Security Alliance. All rights reserved. 7
Take the Exam Share your Expertise
Forge industry connections
1 2 3 on Circle
Connect with other CCZT holders or share your knowledge with
Register on the CSA Purchase a CCZT Take the exam CCZT students on Circle, CSA’s online community forum that
provides a space for professionals, novices and visionaries to
Exams website exam token
Make sure you have thoroughly share information. Share tips learned from taking the training or
studied the exam materials exam, and gain insight from other industry leaders in Zero Trust to
Simply create an account to Each CCZT exam token
and reviewed your notes if you continue your learning journey.
register for the exam. Because provides you with two test
the exam is online, you can attempts. If you choose to took a training course.
take the test where and when enroll in a training course, a
you want after purchasing an complimentary exam token is Join a Research working group
exam token. included.
After earning your Certificate of Competence in Zero Trust, start
applying your knowledge by volunteering for CSA’s Zero Trust
working group. Focused on developing Zero Trust standards
to achieve consistency for cloud, hybrid and mobile endpoint
environments, your successful completion of the CCZT provides
After Passing the Exam you with the necessary skill and expertise to help us create best
practices and guidance in Zero Trust. Whether you are looking to
join as an observer or author a research report, we encourage you

CPE credits to join. Our working groups are comprised of a diverse network of
industry practitioners and corporate members that continuously
cycle through researching, analyzing, formulating and delivering
Although there are currently no official CPE designations for any of CSA’s training courses, we do arguably the most advanced research and tools available across
issue a certificate of completion with a stated number of hours to complete the course for all courses the cloud security spectrum.
we offer. You can then use this certificate of completion for CPE credit submission, but it will be
determined if it qualifies for CPE credit by whomever receives your request. The online self-paced
training automatically gives attendees 13 hours. ZTAC Resource Hub

Digital badge CSA’s Zero Trust Advancement Center (ZTAC) aims to construct
an impartial perspective of Zero Trust and what it means to
organizational leaders looking to build a Zero Trust strategy. The
A CCZT digital badge is issued upon successful completion of ZTAC Resource Hub is a curated collection of the most important
the exam. Leverage the CCZT digital badge on your social media Zero Trust publications in the industry, displaying the most
channels and resume to showcase your knowledge and validate current and relevant Zero Trust content. Sharpen your Zero Trust
your expertise. knowledge and stay up to date with these resources, or submit
your own industry leading content on Zero Trust to the Resource
Hub for consideration.

8 © Copyright 2024, Cloud Security Alliance. All rights reserved. © Copyright 2024, Cloud Security Alliance. All rights reserved. 9
Online training based on CSA’s 
vendor-neutral research
Level up your cloud computing knowledge with the variety of
CSA online courses and certificates for beginners and pros alike.

knowledge.cloudsecurityalliance.org