CISA Releases Zero Trust Maturity Model for Public Comment

The maturity model was drafted in June to help federal agencies comply with an executive order and is now ready for feedback.

Dark Reading Staff, Dark Reading

September 7, 2021

1 Min Read
Dark Reading logo in a gray background | Dark Reading

The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today released a draft of its Zero Trust Maturity Model for public comment.

CISA's Zero Trust Maturity Model was designed as a road map for agencies to reference as they develop and implement their zero-trust architecture. The maturity model, drafted in June,  was initially distributed to agencies and, as of today, is available for public feedback. The agency will collect input until Oct. 1, 2021, and will later publish an updated version based on comments.

The maturity model includes five pillars and three cross-cutting capabilities, officials state in a release, and it's based on the foundations of zero trust. Each pillar is meant to provide agencies with examples of a traditional, advanced, and optimal zero-trust architecture. The pillars are Identity, Device, Network/Environment, Application Workload, and Data.

CISA is specifically interested in collecting feedback on a list of questions:

  • Has this document been helpful to your agency as you prepared your Cyber Executive Order zero trust implementation plan? If not, what guidance could be added?

  • Does your agency have suggestions on how better to delineate the 5 pillars from the 3 crosscutting capabilities—Visibility and Analytics, Automation and Orchestration, and Governance?

  • Which pillars do you think are the best defined and which pillars need help?

  • How could the Zero Trust Maturity Model better support your agency’s Cyber Executive Order zero trust implementation plan?

Read CISA's release for more details and to access the draft.

About the Author

Dark Reading Staff

Dark Reading

Dark Reading is a leading cybersecurity media site.

Keep up with the latest cybersecurity threats, newly discovered vulnerabilities, data breach information, and emerging trends. Delivered daily or weekly right to your email inbox.

You May Also Like


More Insights