CISA Simplifies Zero Trust Adoption with Updated Model

CISA has released Version 2.0 of its Zero Trust Maturity Model (ZTMM), offering a practical path for organizations to adopt a zero trust architecture and improve cybersecurity practices.

September 8, 2023

The Cybersecurity and Infrastructure Security Agency (CISA) recently released Version 2.0 of its Zero Trust Maturity Model (ZTMM) to simplify organizations' transition to a zero trust architecture, building on feedback received on the initial version.

The first ZTMM version was launched in September 2021, in response to President Biden's cybersecurity Executive Order (EO) issued in May of the same year. This order set forth various cybersecurity initiatives, including the promotion of external zero trust architectures within federal government agencies. In January 2022, the Office of Management and Budget (OMB) reinforced these objectives by outlining specific cybersecurity standards and targets for agencies to achieve by the end of fiscal year 2024.

The updated model introduces four stages of maturity: Traditional, Initial, Advanced, and Optimal. The most significant change from the previous version is the addition of the Initial stage. This stage is designed for organizations starting their journey toward zero trust architecture. As outlined by CISA, it focuses on automating attribute assignment, lifecycle configurations, policy decisions, and enforcement, and on the initial integration of systems across the various pillars.

Recognizing the complexity involved in adopting a zero trust architecture, the addition of this new stage is intended to offer organizations a more practical path toward implementation. With this updated model, CISA is not only promoting stronger cybersecurity practices but also making it easier for organizations to take the necessary steps toward a safer digital future.

The latest ZTMM version is a practical roadmap for advancing zero trust maturity. Explore the Optm Zero Trust Maturity Model Guide for insights on these enhancements and best practices to integrate zero trust principles into your cybersecurity strategy.