CISA Updates Zero Trust Maturity Model With Public Feedback

The US Cybersecurity and Infrastructure Security Agency (CISA) published the second version of its Zero Trust Maturity Model on Tuesday, which incorporates recommendations from a public comment period.

The updated guidelines aim to further the federal government’s progress toward a zero trust approach to cybersecurity in support of the new National Cybersecurity Strategy.

Read more on the strategy here: White House Launches National Cybersecurity Strategy

Writing in a blog post, CISA explained that while the Zero Trust Maturity Model is primarily intended for federal agencies, other organizations should also review the guidance to advance their progress toward a zero trust model.

“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” explained Chris Butera, technical director for cybersecurity at CISA. 

“As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity. While applicable to federal civilian agencies, all organizations will find this model beneficial to review and use to implement their own architecture.”

The new model introduces an additional maturity stage called “initial” to the four stages of its predecessor: traditional, initial, advanced and optimal. The initial maturity stage is designed as a guide to identifying maturity for each of the five pillars of the Zero Trust Maturity Model: identity, devices, network, data, and applications and workloads.

The Zero Trust Maturity Model Version 2 also provides gradual implementation guidelines across the five pillars to facilitate implementation, enabling agencies to make incremental advancements toward the optimization of zero trust architectures.

The new model comes weeks after CISA unveiled its ransomware vulnerability warning program.