Zero Trust Maturity Model

CISA’s Zero Trust Maturity Model is one of many roadmaps for agencies to reference as they transition towards a zero trust architecture. The goal of the maturity model is to assist agencies in the development of their zero trust strategies and implementation plans and present ways in which various CISA services can support zero trust solutions across agencies.

The maturity model, which include five pillars and three cross-cutting capabilities, is based on the foundations of zero trust. Within each pillar, the maturity model provides agencies with specific examples of a traditional, advanced, and optimal zero trust architecture.

Public Comment Period – CLOSED

CISA drafted the Zero Trust Maturity Model in June to assist agencies in complying with the Executive Order. While the distribution was originally limited to agencies, CISA was excited to release the maturity model for public comment from Tuesday, September 7, 2021 to Friday, October 1, 2021. CISA is working to adjudicate the comments and produce an updated version of the guidance.

Zero Trust Maturity Model

Public Comment Period – CLOSED

Resource Materials

Cybersecurity Advisory Committee (CSAC) Subcommittee Fact Sheet

CISA Cybersecurity Advisory Committee (CSAC) Fact Sheet

CISA Cybersecurity Advisory Committee (CSAC) Meeting Resources

2022 Cybersecurity Advisory Committee (CSAC) Reports and Recommendations

Zero Trust Maturity Model

Public Comment Period – CLOSED

Resource Materials

Related Resources

Cybersecurity Advisory Committee (CSAC) Subcommittee Fact Sheet

CISA Cybersecurity Advisory Committee (CSAC) Fact Sheet

CISA Cybersecurity Advisory Committee (CSAC) Meeting Resources

2022 Cybersecurity Advisory Committee (CSAC) Reports and Recommendations