Sikov - stock.adobe.com
CISA Reveals Enhanced Zero Trust Maturity Model
The updated Zero Trust Maturity Model features five adaptable pillars, facilitating gradual progress towards optimized zero trust architecture for organizations.
The Cybersecurity and Infrastructure Security Agency (CISA) unveiled the upgraded Zero Trust Maturity Model Version 2 in line with President Biden's National Cybersecurity Strategy.
The new model offers agencies a clear roadmap for enhancing their cyber defenses by adopting zero-trust practices. Zero trust is a security framework that assumes networks are always at risk from internal and external threats. This approach grants users full access, but only to the minimum extent necessary for them to perform their tasks. Assuming breaches are inevitable or have occurred, zero trust consistently limits access while monitoring for malicious activity. By applying the least-privileged access concept, zero trust allows for informed access decisions based on critical factors.
The updated Zero Trust Maturity Model, which incorporates public feedback, acknowledges that organizations begin their Zero-Trust journey from diverse starting points. It introduces a new "Initial" maturity stage to help evaluate each pillar's maturity. Throughout the four stages (traditional, initial, advanced, and optimal), CISA has integrated new and revised existing functions, providing guidance for organizations in planning and decision-making for zero trust architecture implementation.
“CISA has been acutely focused on guiding agencies, who are at various points in their journey, as they implement zero trust architecture,” Chris Butera, technical director for cybersecurity of CISA.
“As one of many roadmaps, the updated model will lead agencies through a methodical process and transition towards greater zero trust maturity. While applicable to federal civilian agencies, all organizations will find this model beneficial to review and implement their own architecture.”
Furthermore, the updated maturity model offers a gradient of implementation across five distinct pillars, facilitating deployment and enabling agencies to gradually progress towards optimizing zero trust architecture. The five pillars of the Zero Trust Maturity Model include identity, devices, network, data, and applications and workloads.
Zero Trust, a term coined in 2010, gained momentum after President Biden's 2021 executive order on cybersecurity which emphasized the importance of zero trust initiatives. This order outlined measures to enhance federal network security, including adopting zero trust architecture, and was accompanied by proposed investments in cybersecurity infrastructure. With increased investment, federal agencies are adopting zero trust architectures, and sectors like healthcare are seeing significant growth in implementation, driven by the evolving cyber threat landscape.
A recent Okta report indicates a significant increase in zero trust adoption among healthcare organizations, from 37 percent to 58 percent in one year, as a response to the evolving cyber threat landscape, which necessitates innovative security measures.