deploying-software-defined-perimeter

Deploying Software-Defined Perimeter

Prerequisites

  • Understanding of zero trust principles (NIST SP 800-207)
  • Knowledge of CSA Software-Defined Perimeter specification
  • Familiarity with PKI and mutual TLS authentication
  • Experience with network security architecture

Overview

A Software-Defined Perimeter (SDP) implements zero trust by creating a dynamically provisioned, identity-centric perimeter around individual resources. Defined by the Cloud Security Alliance (CSA), SDP makes application infrastructure invisible to unauthorized users through a "dark cloud" approach in which services stay hidden until the user is authenticated and authorized. Unlike a traditional VPN, SDP establishes one-to-one encrypted connections between verified users and specific applications.

This skill covers deploying SDP using the CSA v2.0 specification, implementing Single Packet Authorization (SPA), configuring the SDP controller and gateway, and validating the deployment against NIST SP 800-207 requirements.

When to Use

  • When deploying or configuring Software-Defined Perimeter capabilities in your environment
First Seen: Mar 16, 2026