CISA Updates its Zero Trust Maturity Model
The Cybersecurity and Infrastructure Security Agency (CISA) has released an updated version of its Zero Trust Maturity Model, which is intended to help federal agencies adopt zero trust security. While the guidance is primarily written for federal agencies, any organization looking to improve its security posture through zero trust can use it.
The traditional approach to security relies on perimeter defenses to keep unauthorized individuals out of protected internal networks, and anyone already inside the network is implicitly trusted. The perimeter security model has served organizations well for many years, but it is only effective when there is a border to protect and the vast majority of IT resources and critical assets sit inside that border. Today, most networks are not entirely on-premises and remote working is common, so many legitimate users and resources are outside the border. Further, under a perimeter model, once the perimeter is breached an attacker can move on to compromise large parts of the network, its IT resources, and critical data. Zero trust instead starts from the assumption that the network has already been compromised: it grants users, devices, and workloads only the minimum access to data, networks, and infrastructure they need, and it continuously verifies that each access is still legitimate rather than trusting a one-time login or a network location.
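The contrast above is easiest to see as a policy decision point. The following is an added example, not code from CISA or from the HIPAA Journal article: a perimeter-style check that trusts any internal source address, beside a zero-trust check that evaluates identity, role entitlement, MFA, device posture, and session age on every request. The resource catalogue, user roles, IP ranges, and thresholds are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed example: address ranges a perimeter model treats as "inside".
INTERNAL_NETWORKS = [ip_network("10.0.0.0/8"), ip_network("192.168.0.0/16")]

# Hypothetical resource catalogue: sensitivity tier and roles entitled to each.
RESOURCES = {
    "wiki": {"tier": "low", "roles": {"staff", "contractor"}},
    "payroll-db": {"tier": "high", "roles": {"finance"}},
}

# Hypothetical identity store: which roles each account holds.
USERS = {
    "alice": {"roles": {"staff", "finance"}},
    "bob": {"roles": {"contractor"}},
}

# High-tier resources require a fresh authentication (assumed 15-minute window).
HIGH_TIER_MAX_AUTH_AGE_S = 900


@dataclass
class Request:
    """Signals available to the policy engine for one access attempt."""
    src_ip: str
    user: str
    resource: str
    mfa_verified: bool = False
    device_compliant: bool = False   # e.g. patched, EDR healthy, disk encrypted
    device_managed: bool = False     # enrolled in the organisation's MDM
    auth_age_s: int = 0              # seconds since the user last authenticated


def perimeter_decision(req: Request) -> bool:
    """Traditional model: anything arriving from an internal address is trusted."""
    src = ip_address(req.src_ip)
    return any(src in net for net in INTERNAL_NETWORKS)


def zero_trust_decision(req: Request) -> tuple[bool, str]:
    """Evaluate every request on its own merits; network location is not a signal.

    Returns (allowed, reason). Checks are ordered so the cheapest denial wins:
    unknown identity, unknown resource, least-privilege entitlement, identity
    assurance, device posture, then tier-specific requirements.
    """
    user = USERS.get(req.user)
    if user is None:
        return False, "unknown identity"
    res = RESOURCES.get(req.resource)
    if res is None:
        return False, "unknown resource"
    if not user["roles"] & res["roles"]:
        return False, "least privilege: no role entitles this user to the resource"
    if not req.mfa_verified:
        return False, "identity not strongly verified (no MFA)"
    if not req.device_compliant:
        return False, "device posture non-compliant"
    if res["tier"] == "high":
        if not req.device_managed:
            return False, "high-tier resource requires a managed device"
        if req.auth_age_s > HIGH_TIER_MAX_AUTH_AGE_S:
            return False, "re-authentication required for high-tier resource"
    return True, "allowed"


def continuous_verification(requests: list[Request]) -> list[bool]:
    """Re-run the policy for each request in a session rather than once at login.

    A session that was allowed earlier is denied as soon as a signal degrades
    (here, device posture dropping to non-compliant mid-session).
    """
    return [zero_trust_decision(r)[0] for r in requests]


if __name__ == "__main__":
    # An attacker who has breached the perimeter and sits on an internal address.
    intruder = Request("10.1.2.3", "mallory", "payroll-db")
    print("perimeter:", perimeter_decision(intruder))      # True: inside = trusted
    print("zero trust:", zero_trust_decision(intruder))    # (False, 'unknown identity')

    # A legitimate remote worker with strong identity and a healthy managed device.
    alice = Request("203.0.113.5", "alice", "payroll-db", mfa_verified=True,
                    device_compliant=True, device_managed=True, auth_age_s=60)
    print("perimeter:", perimeter_decision(alice))         # False: outside the border
    print("zero trust:", zero_trust_decision(alice))       # (True, 'allowed')
```

The perimeter check grants the intruder and denies the remote worker; the zero-trust check does the opposite, and because it is re-run per request, a device that falls out of compliance or a session that ages past the high-tier window loses access without waiting for logout.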
CISA’s Zero Trust Maturity Model is built on five pillars – identity, devices, networks, applications and workloads, and data – and can be used to assess an organization’s current level of zero trust maturity. Version 2 of the Zero Trust Maturity Model incorporates recommendations collected during the public comment period and adds a new maturity stage. There are now four maturity stages in the model – traditional, initial, advanced, and optimal. ‘Initial’ was added because CISA recognizes that organizations have different starting points on their journey to zero trust.
The updated model also adds several new functions and revises existing ones, which organizations should consider when planning and making decisions about zero trust architecture implementation. It also provides a gradient of implementation across each of the five pillars, so that organizations can make incremental advancements on their journey toward full implementation of a zero trust architecture.
“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” said Chris Butera, Technical Director for Cybersecurity, CISA. “As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity.”