This week, the US Cybersecurity and Infrastructure Security Agency (CISA) published an updated version of its guidance on how to achieve zero trust maturity.
Zero trust is an approach to security that assumes that a breach has already occurred and is based on the idea that no user or asset should be trusted. The goal of a zero trust architecture is to prevent unauthorized access to sensitive assets and to ensure granular access control enforcement.
CISA’s Zero Trust Maturity Model version 2.0 (PDF) provides federal agencies and other organizations with a roadmap for transitioning to a zero trust architecture. The model includes five pillars – identity, devices, networks, applications and workloads, and data – and outlines four stages to achieving a maturity model, namely traditional, initial, advanced, and optimal, which are combined with three cross-cutting capabilities, namely visibility and analytics, automation and orchestration, and governance.
Organizations looking to transition to zero trust first need to assess their environments – including systems, processes, infrastructure, personnel, and resources – to identify existing capabilities they can build upon as well as gaps that need to be addressed.
Implementing a zero trust architecture is a lengthy process that often takes years and incurs additional costs, faces various challenges, and requires engagement and cooperation at all enterprise levels.
The new zero trust maturity model document is accompanied by CISA’s Applying Zero Trust Principles to Enterprise Mobility (PDF) guidance, which describes how zero trust principles can be applied to mobile security technologies.
In summary, the US Cybersecurity and Infrastructure Security Agency (CISA) released its second version of the Zero Trust Maturity Model version 2.0 guidance which provides organizations with a roadmap for transitioning to a zero trust architecture. This model includes five pillars and four stages of maturity, combined with three cross-cutting capabilities, to help organizations identify and address gaps in their existing security capabilities. The document is accompanied by the Applying Zero Trust Principles to Enterprise Mobility guidance which outlines how zero trust principles can be applied to mobile security technologies.
Key Points:
- The US Cybersecurity and Infrastructure Security Agency (CISA) released its second version of the Zero Trust Maturity Model version 2.0 guidance.
- Zero trust is an approach to security that assumes a breach has already occurred and no user or asset should be trusted.
- The model includes five pillars and four stages of maturity, combined with three cross-cutting capabilities, to help organizations identify and address gaps in their existing security capabilities.
- The document is accompanied by the Applying Zero Trust Principles to Enterprise Mobility guidance which outlines how zero trust principles can be applied to mobile security technologies.