The Department of Homeland Security's Cybersecurity and Infrastructure Security Agency (CISA) today released a draft of its Zero Trust Maturity Model for public comment.
CISA's Zero Trust Maturity Model was designed as a road map for agencies to reference as they develop and implement their zero-trust architecture. The maturity model, drafted in June, was initially distributed to agencies and, as of today, is available for public feedback. The agency will collect input until Oct. 1, 2021, and will later publish an updated version based on comments.
The maturity model includes five pillars and three cross-cutting capabilities, officials state in a release, and it's based on the foundations of zero trust. Each pillar is meant to provide agencies with examples of a traditional, advanced, and optimal zero-trust architecture. The pillars are Identity, Device, Network/Environment, Application Workload, and Data.
CISA is specifically interested in collecting feedback on a list of questions:
- Has this document been helpful to your agency as you prepared your Cyber Executive Order zero trust implementation plan? If not, what guidance could be added?
- Does your agency have suggestions on how better to delineate the 5 pillars from the 3 crosscutting capabilities—Visibility and Analytics, Automation and Orchestration, and Governance?
- Which pillars do you think are the best defined and which pillars need help?
- How could the Zero Trust Maturity Model better support your agency’s Cyber Executive Order zero trust implementation plan?
Read CISA's release for more details and to access the draft.