We have described the CSAP ZTF in Part 5A of the CSAP documentation, and all of the CSAP documentation can be found on the MovieLabs Production Security Website.
These Zero Trust Recommended Practices extend the earlier Enhanced Content Protection for Production (ECPP). ECPP is a set of recommended practices for the security of cloud services used in the production of motion picture and television content. The Zero Trust Recommended Practices require that recommended practices in ECPP are followed and do not repeat them.
It is worth stating that these recommended practices for zero trust are not intended to be used as the means of assessing or evaluating a deployment of zero trust.
The document does not provide any background on zero trust or go into details about how it works because we expect that anyone applying the recommended practices to a zero trust deployment has a suitable understanding of zero trust architecture and how to deploy it.
However, we don’t anticipate those will be the only readership.
What we have done for those who want to understand more about zero trust to put a context around the recommended practices, or want to find out about potentially new concepts such as the protect surface1, is to include references to an excellent selection of information available on the MovieLabs website, on US Federal Government websites including the National Institute of Standards and Technology (NIST), the UK’s National Cyber Security Centre, the Cloud Security Alliance and a curated selection of information from security vendors.
You can start out you journey to understanding zero trust with the MovieLabs video, Zero Trust and Protecting Cloud Production.
The first use of these recommended practices is in the deployment of zero trust security in general: both in media production and in enterprises that don’t make content. Earlier we stated that the CSAP Zero Trust Foundation is zero trust as might be deployed in any organization, and these recommended practices are not specific to media production.
The second use is taking the first step to a CSAP level 100 deployment. CSAP level 100 is the CSAP Zero Trust Foundation with functionality that does make it media production specific. The added functionality is, for example, specific to how production workflows are carried out.
We hope that reading this will help you as you deploy zero trust security and do so in a way that is the foundation for CSAP. If you have questions or comments on the new document, you can reach out to us at [email protected].
