The US Cybersecurity and Infrastructure Security Agency (CISA) published the second version of its Zero Trust maturity model on Tuesday. It incorporates recommendations from the public comment period.
The updated guidelines are intended to facilitate federal progress toward a Zero Trust approach to cybersecurity in support of the new National Cybersecurity Strategy.
Learn more about the strategy here: The White House Announces National Cybersecurity Strategy
In a blog post, CISA explains that while the Zero Trust maturity model is primarily aimed at federal agencies, other organizations should also review their guidance and move toward a Zero Trust model.
“CISA has been focused on guiding agencies at various stages in implementing a Zero Trust architecture,” explains Chris Butera, Technical Director of Cybersecurity at CISA.
“As one of many roadmaps, the updated model will move agencies toward an orderly process and move toward greater Zero Trust maturity. You may find it beneficial to explore this model and use it to implement your own architecture.”
The new model introduces an additional maturity stage called “Early” to the traditional four stages (Traditional, Early, Advanced, and Optimal). The early stage of maturity is designed as a guide to identify the maturity of his five pillars of the Zero Trust Maturity Model: Identity, Device, Network, Data, and Applications and Workloads.
The Zero Trust Maturity Model Version 2 also provides step-by-step implementation guidelines across five pillars for ease of implementation, helping government agencies make incremental progress towards optimizing their Zero Trust architecture.
The new model comes a few weeks after CISA announced its Ransomware Vulnerability Warning Program.
