The 7 CCZT Exam Domains

1. Zero Trust Foundational Concepts: Covers the history, core tenets (NIST SP 800-207), and the "Never Trust, Always Verify" philosophy.

2. Software Defined Perimeter (SDP): Focuses on CSA’s research into SDP architecture, including controllers, gateways, and the "black cloud" concept.

3. Industry Best Practices: Incorporates guidance from authoritative bodies like CISA (Zero Trust Maturity Model) and NIST.

4. Zero Trust Architecture (ZTA): Deep dive into the logical components, data flows, and design prininciples.

5. Zero Trust Strategy: This is a newer addition focusing on aligning ZT with business goals, risk management, and organizational buy-in.

6. Zero Trust Planning: Covers gap analysis, identifying "Protect Surfaces," and documenting transaction flows.

7. Zero Trust Implementation: Focuses on the practical rollout, including identity-centric controls, micro-segmentation, and continuous monitoring.