The Cybersecurity and Infrastructure Security Agency has released the second version of its framework to advance the implementation of zero trust architecture across the federal government.
CISA said Tuesday the Zero Trust Maturity Model version 2 incorporates feedback and recommendations received from the public in 2021 and includes a new stage called “Initial” to identify maturity for each zero trust technology pillar.
The latest version adds new functions and updates to existing ones to guide zero trust transition plans throughout the four maturity stages.
“As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity. While applicable to federal civilian agencies, all organizations will find this model beneficial to review and use to implement their own architecture,” said Chris Butera, technical director for cybersecurity at CISA.
The framework also outlines five pillars of achieving zero trust maturity: identity, devices, network, data and applications and workloads. Each pillar provides details on three cross-cutting capabilities: visibility and analytics, automation and orchestration and governance.