Zero Trust and Reference Architecture – A definition and attributes

So, I have been doing more in-depth reading on Zero Trust Architecture (ZTA).

Side note – I will share my reading list in a future post.

As I read the Department of Defense’s Zero Trust Reference Architecture, Version 1.0 (February 2021) document, I came across a solid definition of reference architecture:

Reference Architecture is an authoritative source of information about a specific subject area that guides and constrains the instantiations of multiple architectures and solutions.

This may seem simple, but I bet there is a joke that starts with: two architects walk into a bar to define “reference architecture” and... well, you get the idea.

Below is an excerpt from the scope section of the same document referenced above. I highlighted some key words that can be used to extrapolate other important attributes of a reference architecture.

The content was built to align with the DOD Information Enterprise Architecture (IEA) for consistent mapping of terminology and ease of use as an implementation reference. The scope of the DOD Zero Trust Architecture (ZTA) effort is specifically to determine capabilities and integrations that can be used to successfully advance the Department of Defense Information Network (DODIN) into an interoperable Zero Trust end state. The architecture focused on data-centric design, while maintaining loose coupling across services to maximize interoperability. Other initiatives (e.g. ICAM, Public Key Infrastructure (PKI), etc.) to protect the DODIN are not the subject of this reference architecture but may be shown in some cases to provide additional context for ZTA alignment with DOD IEAs. This Reference Architecture describes Enterprise standards and capabilities. Single products/suites can be adopted to address multiple capabilities. Integrated vendor suites of products rather than individual best of breed components will assist in reducing cost and risk to the government. This document will evolve as requirements, technology, and best practices evolve and mature. Zero Trust promotes an individual journey to a collaborative goal of continuous Zero Trust enhancements, while also incorporating best practices, tools, and methodologies of industry.

So, other important attributes of a reference architecture include:

  1. Aligns with a larger, single Enterprise Architecture
  2. Uses consistent language and layout for ease of use and orientation by customers
  3. Has a defined scope
  4. Outlines what is not in scope
  5. Describes standards and capabilities
  6. Evolves and is updated as requirements, technology, and best practices change, mature, or evolve
