WASHINGTON – The Cybersecurity and Infrastructure Security Agency (CISA) published Zero Trust Maturity Model version 2, incorporating recommendations from a public comment period and furthering the federal government’s continued progress toward a zero trust approach to cybersecurity in support of the National Cybersecurity Strategy. While the Zero Trust Maturity Model is specifically intended for federal agencies, all organizations should review this guidance and take steps to advance their progress toward a zero trust model.
Zero trust is an approach where access to data, networks, and infrastructure is kept to what is minimally required and the legitimacy of that access must be continuously verified. Recognizing that organizations begin their journey toward zero trust architectures from different starting points, the update to the Zero Trust Maturity Model includes a new maturity stage called “Initial” that can be used as a guide to identify maturity for each pillar. In all four stages of maturity (Traditional, Initial, Advanced, and Optimal), CISA has also added several new functions and updated existing functions for organizations to consider when they plan and make decisions for zero trust architecture implementation.