The latest US Government Cyber Strategy aims to implement Zero Trust broadly across Government and critical infrastructure. Zero Trust is described as "Never trust, always verify" and is mostly seen in reference to protecting access to resources by entities, i.e. is Larry E (Entity) allowed to access this Oracle database (Resource)? This concept applies broadly to any situation where an Entity requests access to a Resource: a trust check is performed and, if it succeeds, the Entity is allowed to access the Resource, where further authorization checks are performed.
This is the traditional concept people think of with Zero Trust.
But the digital age demands more "verifiable trust" to offset the "systemic risk" we now face from multiple cyber risks, such as malicious software, software vulnerabilities and fake articles produced using AI, in addition to the "Zero Trust Bond" trust verification typically associated with the "Zero Trust" concept described above. This raises the need for a "Trust Control Plane" in the digital age to manage, maintain and verify trust in digital objects broadly, including IoT products, digital artifacts, resources, entities, and Zero Trust Bonds linking Entities with Resources in a trust relationship. NIST describes the Zero Trust Control Plane requirements in SP 800-207.
Trust management and verification has its own domain control plane, where trustworthiness and trust verification are the goals. This control plane implements an IETF SCITT "Trust Registry" concept using a "Trust Trinity", i.e. the "SAG Trust Trinity" (TM), to govern and enforce Trust Registry registration policies. "Trust declaration evidence" is submitted into a Trust Registry Trust Queue, where an independent Trust Registry Gatekeeper is responsible for enforcing Registration Policies provided by a Registration Policy Owner. Those policies define what is required for any type of digital object to be registered in the Trust Registry as a trusted object, including a Zero Trust Bond object stating "This Entity is trusted to access this Resource", expressed as a unique ZTBOND object in the Trust Registry that must be verified for trustworthiness before access is granted. A "Trust Control Plane" is a critical component and key enabler within "Enterprise Cyber Risk Management" (ECRM) implementations.
Three roles make up the SAG Trust Trinity(TM):
1. A SAG-CTR(TM) Trust Label Owner that defines transparent Registration Policies and the criteria for something to become a "Trusted Object", and authorizes trusted Risk Assessors to submit Trust Declarations for its Trust Label to SAG-CTR. The owner is the very foundation of all trust in the Trust Control Plane. For example, the FCC is the Label Owner for the US Cyber Trust Mark. Registration Policies define which digital objects, i.e. products, artifacts and ZTBONDs, are in scope, along with the registration criteria.
2. Authorized, trusted product Risk Assessors that perform risk assessments and submit Trust Declarations to SAG-CTR(TM) for a specific Label Type and Product Category (Trusted Object Type) when a digital object meets the Label Owner's Registration Policies; a ZTBOND is one of many unique product categories in SAG-CTR(TM). Risk Assessors MUST be authorized and credentialed by a Trust Label Owner.
3. The independent SAG-CTR(TM) Gatekeeper, operating as an honest broker, that enforces Label Owner Registration Policies and validates the evidence data in Trust Declarations submitted by authorized Risk Assessors before placing an entry in the Product Trust Registry. The Gatekeeper ensures the integrity, trustworthiness and resilience of SAG-CTR Registry operations, data and procedures.
Each colored bubble represents an industry sector with a set of trusted parties that perform the Risk Assessor functions, based on Registration Policy Owner policies. Each object subjected to a risk assessment, per Registration Policy Owner policies, is identified with a Digital DNAID (ProductID) that uniquely identifies the studied object in a "Trust Registry"; the assessment produces evidence data. After completing a risk assessment, the Risk Assessor submits a "Trust Declaration" along with this evidence data into the Trust Registry "Trust Queue", where it becomes the responsibility of the Gatekeeper to evaluate the submitted data against the Registration Policy Owner's registration policies, which determine whether the object is placed into the "Trust Registry" as a "Trusted Object".
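To make the registration flow concrete, here is an added illustration of the three Trust Trinity roles in working code. It is not SAG-CTR code and does not reproduce the SAG-CTR data formats; the Label Owner policy, assessor IDs, DNAIDs and evidence fields are all constructed, and the SHA-256 evidence digest is a hypothetical tamper-evidence choice. It models a Label Owner publishing a Registration Policy (scope, required evidence, credentialed assessors), assessors submitting Trust Declarations into a Trust Queue, a Gatekeeper draining the queue and registering only declarations that meet the policy, and a Zero Trust Bond lookup over the resulting registry.

```python
"""Added illustration (not SAG-CTR code): a minimal Trust Registry with the
three Trust Trinity roles. All identifiers and evidence values are constructed."""
from dataclasses import dataclass
import hashlib
import json


@dataclass(frozen=True)
class RegistrationPolicy:
    """Published by the Trust Label Owner: scope and criteria for a Trusted Object."""
    label: str                        # Trust Label name (constructed)
    object_types: frozenset           # product categories in scope
    required_evidence: frozenset      # evidence fields every declaration must carry
    authorized_assessors: frozenset   # Risk Assessors credentialed by the Label Owner


@dataclass(frozen=True)
class TrustDeclaration:
    """Submitted by a Risk Assessor into the Trust Queue."""
    assessor_id: str
    label: str
    object_type: str
    dnaid: str        # Digital DNA ID of the assessed object (constructed)
    evidence: dict    # evidence data produced by the risk assessment


def evidence_digest(evidence: dict) -> str:
    """Hash of canonical JSON so a registry entry is tamper-evident (hypothetical format)."""
    canonical = json.dumps(evidence, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(canonical).hexdigest()


class TrustRegistry:
    """The Gatekeeper role: drains the Trust Queue and enforces the Label Owner's policy."""

    def __init__(self, policies):
        self.policies = {p.label: p for p in policies}
        self.queue = []        # Trust Queue of pending declarations
        self.registry = {}     # dnaid -> Trusted Object entry
        self.audit_log = []    # (dnaid, verdict) for every Gatekeeper decision

    def submit(self, decl: TrustDeclaration) -> None:
        self.queue.append(decl)

    def evaluate(self, decl: TrustDeclaration) -> str:
        """Apply the Registration Policy; every rejection names the failed criterion."""
        policy = self.policies.get(decl.label)
        if policy is None:
            return "REJECTED: unknown Trust Label"
        if decl.assessor_id not in policy.authorized_assessors:
            return "REJECTED: assessor not credentialed by Label Owner"
        if decl.object_type not in policy.object_types:
            return "REJECTED: object type out of policy scope"
        missing = policy.required_evidence - set(decl.evidence)
        if missing:
            return "REJECTED: missing evidence " + ",".join(sorted(missing))
        if decl.object_type == "ZTBOND":
            # A bond must name the Entity, the Resource and the Zero Trust Domain it links.
            if not {"entity_dnaid", "resource_dnaid", "domain"} <= set(decl.evidence):
                return "REJECTED: ZTBOND must name entity, resource and domain"
        return "REGISTERED"

    def process_queue(self):
        verdicts = []
        while self.queue:
            decl = self.queue.pop(0)
            verdict = self.evaluate(decl)
            if verdict == "REGISTERED":
                self.registry[decl.dnaid] = {
                    "label": decl.label,
                    "object_type": decl.object_type,
                    "assessor": decl.assessor_id,
                    "evidence": decl.evidence,
                    "evidence_digest": evidence_digest(decl.evidence),
                }
            self.audit_log.append((decl.dnaid, verdict))
            verdicts.append((decl.dnaid, verdict))
        return verdicts

    def is_trusted(self, dnaid: str) -> bool:
        return dnaid in self.registry

    def bond_exists(self, entity_dnaid: str, resource_dnaid: str, domain: str) -> bool:
        """Zero Trust precursor check: is a ZTBOND registered for this entity/resource/domain?"""
        for entry in self.registry.values():
            ev = entry["evidence"]
            if (entry["object_type"] == "ZTBOND" and ev["entity_dnaid"] == entity_dnaid
                    and ev["resource_dnaid"] == resource_dnaid and ev["domain"] == domain):
                return True
        return False


def run_demo() -> TrustRegistry:
    """Constructed sample: one Label Owner policy, one credentialed assessor, five submissions."""
    policy = RegistrationPolicy(
        label="EXAMPLE-LABEL",
        object_types=frozenset({"IOT", "ZTBOND"}),
        required_evidence=frozenset({"assessment_report", "assessed_on"}),
        authorized_assessors=frozenset({"assessor-A"}),
    )
    reg = TrustRegistry([policy])
    base = {"assessment_report": "report-ref-001", "assessed_on": "2024-01-01"}
    reg.submit(TrustDeclaration("assessor-A", "EXAMPLE-LABEL", "IOT", "DNAID-IOT-001", base))
    reg.submit(TrustDeclaration("assessor-B", "EXAMPLE-LABEL", "IOT", "DNAID-IOT-002", base))     # not credentialed
    reg.submit(TrustDeclaration("assessor-A", "EXAMPLE-LABEL", "SBOM", "DNAID-SBOM-001", base))   # out of scope
    reg.submit(TrustDeclaration("assessor-A", "EXAMPLE-LABEL", "IOT", "DNAID-IOT-003",
                                {"assessed_on": "2024-01-02"}))                                    # missing evidence
    reg.submit(TrustDeclaration("assessor-A", "EXAMPLE-LABEL", "ZTBOND", "DNAID-ZTB-001",
                                {**base, "entity_dnaid": "DNAID-ENT-001",
                                 "resource_dnaid": "DNAID-RES-001", "domain": "zt-domain-1"}))
    reg.process_queue()
    return reg


if __name__ == "__main__":
    registry = run_demo()
    for dnaid, verdict in registry.audit_log:
        print(dnaid, verdict)
```

Running it registers only the IoT object and the ZTBOND from the credentialed assessor; the other three declarations are rejected with the criterion that failed, and the audit log keeps every decision so the Gatekeeper's enforcement is itself reviewable. The `bond_exists` call is the "precursor" check the article describes: an access request is answered from a registered bond rather than from the requesting side's own claim.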
A Registration Policy Owner, represented by a unique "Label Icon", may choose to make the public or others aware of the newly trusted object in the Trust Registry using a QR Code or hyperlink URL (EXAMPLE ONLY, MOCK CONTENT AND QR CODE):
The "Trust Control Plane" concept described in this article has been operational since 2021 to manage and verify trusted objects for all types of "Digital DNA ID", from software applications to SBOMs, IoT devices and, of course, "Zero Trust Bonds" for Zero Trust verification:
NIST provides additional implementation guidance for Zero Trust in this document. Here is an example label display for a Zero Trust Bond record linking the SAG-CTR Trust Registry (Entity DNAID) and a shared API implemented in SAG-CTR (Resource DNAID), indicating that a trust relationship (Trust Bond DNAID) exists between an EntityID and a ResourceID in a specific Zero Trust Domain:
Microsoft CoPilot summarizes the importance of the "Trust Registry" and "Trust Control Plane" for the digital age: