CISA’s updated Zero Trust Maturity Model released

On April 11, the Cybersecurity and Infrastructure Security Agency (CISA) published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period, and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.

Zero trust is an approach where access to data, networks and infrastructure is kept to what is minimally required and the legitimacy of that access must be continuously verified. Recognizing that organizations begin their journey toward zero trust architectures from different starting points, the update to the Zero Trust Maturity Model includes a new maturity stage called “Initial” that can be used as a guide to identify maturity for each pillar. In all four stages of maturity (Traditional, Initial, Advanced, and Optimal), CISA has also added several new functions and updated existing functions to consider when organizations plan and make decisions for zero trust architecture implementation.

“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” said Chris Butera, Technical Director for Cybersecurity, CISA. “As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity. While applicable to federal civilian agencies, all organizations will find this model beneficial to review and use to implement their own architecture.”

The updated maturity model provides a gradient of implementation across the five distinct pillars to facilitate implementation, allowing agencies to make minor advancements over time toward optimization of zero trust architecture. The five pillars of the Zero Trust Maturity Model are: Identity; Devices; Network, Data, and Applications and Workloads.

Source: CISA

Your competitors read IC News each day. Shouldn’t you? Learn more about our subscription options, and keep up with every move in the IC contracting space.