Anthropic-Cybersecurity-Skills/skills/implementing-beyondcorp-zero-trust-access-model/references/standards.md

BeyondCorp Zero Trust Standards & References

NIST SP 800-207: Zero Trust Architecture

• Section 2: Zero Trust Tenets - defines the core principles BeyondCorp implements
• Section 3.1: Policy Engine (PE) and Policy Administrator (PA) - maps to IAP and Access Context Manager
• Section 3.2: Trust Algorithm - corresponds to Access Levels evaluation
• Section 4.1: Device Agent/Gateway-Based Deployment - matches BeyondCorp connector model
• URL: https://csrc.nist.gov/publications/detail/sp/800-207/final

CISA Zero Trust Maturity Model v2.0 (April 2023)

• Identity Pillar: MFA enforcement, continuous validation - maps to IAP re-authentication
• Device Pillar: Device health monitoring, compliance enforcement - maps to Endpoint Verification
• Network Pillar: Micro-segmentation, encrypted traffic - maps to IAP tunnel encryption
• Application Pillar: Application access authorization - maps to per-service IAP policies
• Data Pillar: Data access governance, DLP - maps to Chrome Enterprise Premium DLP
• URL: https://www.cisa.gov/zero-trust-maturity-model

Google BeyondCorp Papers

• BeyondCorp: A New Approach to Enterprise Security (2014)
  • Describes the original BeyondCorp architecture eliminating the privileged intranet
  • URL: https://research.google/pubs/pub43231/
• BeyondCorp: Design to Deployment at Google (2016)
  • Details the migration strategy from VPN to BeyondCorp
  • URL: https://research.google/pubs/pub44860/
• BeyondCorp: The Access Proxy (2017)
  • Describes the access proxy component that became IAP
  • URL: https://research.google/pubs/pub45728/
• Migrating to BeyondCorp (2018)
  • Covers the phased migration approach and lessons learned
  • URL: https://research.google/pubs/pub46134/

Google Cloud IAP Documentation

• IAP Overview: https://cloud.google.com/iap/docs/concepts-overview
• IAP for Compute Engine: https://cloud.google.com/iap/docs/enabling-compute-howto
• IAP for App Engine: https://cloud.google.com/iap/docs/app-engine-quickstart
• Access Context Manager: https://cloud.google.com/access-context-manager/docs
• Endpoint Verification: https://cloud.google.com/endpoint-verification/docs
• BeyondCorp Enterprise: https://cloud.google.com/beyondcorp-enterprise/docs

NIST SP 800-63-3: Digital Identity Guidelines

• Section 4: Defines identity assurance levels (IAL1-3) relevant to access level design
• URL: https://pages.nist.gov/800-63-3/

DoD Zero Trust Reference Architecture v2.0

• Section 3.4: Identity, Credential, and Access Management pillar
• Section 3.5: Device pillar - endpoint compliance requirements
• URL: https://dodcio.defense.gov/Portals/0/Documents/Library/ZTRAv2.0.pdf