CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies.

The maturity model, which include five pillars and three cross-cutting capabilities, is based on the foundations of zero trust. Within each pillar, the maturity model provides agencies with specific examples of a traditional, advanced, and optimal zero trust architecture.

Public Comment Period – NOW OPEN!

CISA drafted the Zero Trust Maturity Model in June to assist agencies in complying with the Executive Order. While the distribution was originally limited to agencies, CISA is excited to release the maturity model for public comment.

CISA is releasing the Zero Trust Maturity Model for public comment beginning Tuesday, September 7, 2021 and concludes on Friday, October 1, 2021. CISA is interested in gathering feedback focused on the following key questions:

• Has this document been helpful to your agency as you prepared your Cyber Executive Order zero trust implementation plan? If not, what guidance could be added?
• Does your agency have suggestions on how better to delineate the 5 pillars from the 3 crosscutting capabilities—Visibility and Analytics, Automation and Orchestration, and Governance?
• Which pillars do you think are the best defined and which pillars need help?
• How could the Zero Trust Maturity Model better support your agency’s Cyber Executive Order zero trust implementation plan?

Reviewers can submit their feedback to [email protected](link sends email). Following the close of the comment period, CISA will produce an updated version of the guidance.