[CDP-development] CISA Releases Update to Zero Trust Maturity Model

Tue Apr 11 07:29:16 PDT 2023

FYSA

The Cybersecurity and Infrastructure Security Agency (CISA) released Zero Trust Maturity Model (ZTMM) version 2<https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model>, which provides a roadmap for agencies to reference as they transition towards a zero trust architecture. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.

In this update, a new maturity stage was added to the model that organizations can use as a guide to identify maturity for each pillar and give consistency for a more gradual maturity evolution. The new stage, "Initial," was added in part due to the recognition that federal agencies are at various points in starting their evolution towards zero trust architecture. Where the "Traditional" starting stage provided criteria based on manually configured attributes, lifecycles and other criteria, the "Initial" stage provides criteria for those agencies that are starting automation. For all four stages of maturity, CISA added several new functions and/or updated existing ones that should be considered when planning and making decisions for zero trust architecture implementation. The four criteria are: Traditional, Initial, Advanced, and Optimal.

Also, the updated maturity model provides a gradient of implementation across the five distinct pillars to facilitate implementation, allowing organizations to make minor advancements over time toward optimization of zero trust architecture.  The five pillars of the Zero Trust Maturity Model are: Identity; Devices; Network, Data, and Applications and Workloads.

Updates are outlined in the Zero Trust Maturity Model Response to Comments<https://www.cisa.gov/resources-tools/resources/zero-trust-maturity-model-response-comments>.

All organizations are encouraged to review this roadmap and other zero trust resources on our Zero Trust Maturity Model webpage<https://cisa.gov/zero-trust-maturity-model>.

Theresa A. Masse
Cybersecurity State Coordinator/Advisor, Region 10 (Oregon)
Cybersecurity and Infrastructure Security Agency
Department of Homeland Security
Phone: (503) 930-5671
Email: theresa.masse at cisa.dhs.gov<mailto:theresa.masse at cisa.dhs.gov>

[cid:image001.png at 01D96C47.42E0D910]

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230411/5914070a/attachment-0001.html>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: image001.png
Type: image/png
Size: 16152 bytes
Desc: image001.png
URL: <https://omls.oregon.gov/pipermail/cdp-development/attachments/20230411/5914070a/attachment-0001.png>