CISA Updates its Zero Trust Maturity Model

By Chad Cox

Production Editor

Embedded Computing Design

April 19, 2023


Washington, DC. The Cybersecurity and Infrastructure Security Agency (CISA) ratified its Zero Trust Maturity Model version 2. CISA received and evaluated public inquiries to expand the federal government’s continuation of a zero trust approach supporting the National Cybersecurity Strategy.

The Zero Trust Maturity Model was developed for federal use, but CISA recommends all industry players to move toward a zero trust model. “CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” said Chris Butera, Technical Director for Cybersecurity, CISA.  The update delivers a new maturity stage, “Initial”, that is a useful guide for identifying the maturity within each pillar (Identity, Devices, Network, Data, Applications and Workloads).

Various functions and updated features were also added to the four stages (Traditional, Initial, Advanced, and Optimal” to better aid engineers in zero trust integration. Implementation is accelerated with a maturity model update that provides a gradual increase to integration giving implementers time to build an optimized zero trust environment.

“As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity. While applicable to federal civilian agencies, all organizations will find this model beneficial to review and use to implement their own architecture,” continued Butera   

Response to Comments for Zero Trust Maturity Model 

For more information, visit Zero Trust Maturity Model.

Chad Cox. Production Editor, Embedded Computing Design, has responsibilities that include handling the news cycle, newsletters, social media, and advertising. Chad graduated from the University of Cincinnati with a B.A. in Cultural and Analytical Literature.

More from Chad