The Cybersecurity and Infrastructure Security Agency (CISA) has released an update to the Zero Trust Maturity Model (ZTMM), which was first introduced in September 2021. ZTMM serves as a roadmap for agencies to follow as they move towards implementing a zero-trust architecture. The model is composed of five pillars and is designed to facilitate federal implementation by allowing agencies to make incremental progress towards optimization.
The new update aims to make the ZTMM Version 2 more widely available to federal civilian agencies and educate them on its application to their zero-trust implementations.
CISA is also encouraging state, local, tribal, and territorial governments, as well as the private sector, to use ZTMM as a baseline for zero-trust implementation.
The zero-trust model assumes that no user or device should be trusted automatically; each must always be verified before being granted access to resources. The model also involves monitoring and limiting access to resources based on the user’s role, device, location, and other factors.
By adopting a zero-trust architecture, agencies can minimize the risk of unauthorized access to sensitive data and systems.
Additionally, with the release of the updated ZTMM, CISA is reinforcing the importance of a zero-trust architecture and providing guidance to agencies on how to implement it.
The model’s five pillars include identity and access management, device security, network security, application security, and data security, which are all critical components of a comprehensive zero-trust strategy.