Cyber

CISA Zero Trust Maturity Model 2.0 expected in coming days

The latest guidance will update key definitions and metrics for the governmentwide adoption of zero-trust security architectures.

By Nihal Krishan

March 23, 2023

Sean Connelly speaks Jan. 28, 2020, at the Zero Trust Security Summit presented by Duo Security and produced by FedScoop and CyberScoop. (Scoop News Group)

The Cybersecurity and Infrastructure Security Agency will publish the second version of its Zero Trust Maturity Model in the coming days, a top agency official said Thursday.

The latest version of the guidance is expected to update key definitions and metrics for the governmentwide adoption of zero-trust security architectures.

It comes more than a year after the release of CISA’s Zero Trust Maturity Model, which set out how U.S. government departments could deploy its Continuous Diagnostics and Mitigation (CDM) program to improve network visibility.

“So just to get everyone prepared in the next week or so we should have the second version of the Maturity Model. It’s not on the website yet today as we’d expected, but it should be next week,” said CISA Senior Cybersecurity Architect Sean Connelly. Connelly was speaking at during the 2023 ATARC Zero Trust Summit in Washington on Thursday.

The Zero Trust Maturity Model’s five pillars — identity, devices, networks, applications and workloads, and data — are meant to be a guide for federal agencies zero trust strategy implementations and most agencies have started off focusing on identity and data questions.

Federal agencies have been pushed to submit their zero-trust architecture implementation plans as required by the White House’ Office of Management and Budget (OMB).

“Last year agencies part of the zero trust strategy were responsible for sending in a direct implementation plan, to hold themselves accountable — we’re reviewing each of those plans and matching them up with our new maturity model,” Connelly added.

CISA describes its maturity model as “one of many roadmaps” for federal agencies shifting to zero trust architectures, which are intended to prevent unauthorized or dangerous access to government data and services by consistently verifying user credentials across network checkpoints.

CISA Zero Trust Maturity Model 2.0 expected in coming days

More Like This

CISA’s chief data officer: Bias in AI models won’t be the same for every agency

Cybersecurity executive order requirements are nearly complete, GAO says

Federal CIO calls on Congress to fund Technology Modernization Fund

Top Stories

DOJ seeks public input on AI use in criminal justice system

DHS picks OMB official to lead its new AI Corps

GSA taps Login.gov deputy director to take top role next month

Scientists must be empowered — not replaced — by AI, report to White House argues

404 page: the error sites of federal agencies

White House hopeful ‘more maturity’ of data collection will improve AI inventories

Generative AI could raise questions for federal records laws

More Scoops

CISA establishing new office focused on zero trust

HHS exploring program management office support for departmentwide zero trust implementation

Stumbling blocks abound in federal push to stronger identity and access management, CISA and NSA panel finds

GSA seeks help to ‘get across the finish line’ modernizing cybersecurity, adopting zero trust

Completing move to zero trust among Customs and Border Protection’s new IT goals

‘Hundreds’ of agency internet-connected devices found running in violation of recent CISA directive, cyber firm reports

CISA directs agencies to disconnect ‘networked management devices’ from the internet

Latest Podcasts

CISA Zero Trust Maturity Model 2.0 expected in coming days

GSA’s Login.gov platform gets a new director

DOD’s Ashley Elizabeth Evans on effectively implementing AI

DHS’ Chris Kraft on emerging trends in AI and automation

Tech

Defense

Cyber

Acquisition