CISA Seeks Public Comment on Zero Trust Maturity Model

The Cybersecurity and Infrastructure Security Agency is seeking public comment on its Zero Trust Maturity Model, a roadmap designed to help government agencies transition to the zero trust security architecture.

CISA said the maturity model includes five pillars based on the foundations of zero trust: visibility, analytics, automation, orchestration and governance.

The document provides specific examples of a traditional, advanced and optimal implementation of the security model. The period for public comment began on Sept. 7 and is scheduled to conclude on Oct. 1, CISA said.

The agency specifically wants insights from agencies, including on how the guidance has helped them in crafting their zero trust implementation plan.

CISA also wants to know if the five pillars can be delineated in a better way. Agencies are asked to point out which pillars are best defined and which ones need more work.

In accordance with President Joe Biden’s May 12 executive order on national cybersecurity, CISA drafted the Zero Trust Maturity Model in June in collaboration with the U.S. Digital Service and the Federal Risk and Authorization Management Program.

“President Biden’s Cyber Executive Order outlined crucial steps needed to secure the federal government’s networks and CISA is focused on completing the required tasks and more,” Eric Goldstein, executive assistant director of cybersecurity at CISA.

The maturity model complements a draft zero trust federal strategy that the Office of Management and Budget released on Sept. 7.

OMB’s draft directs federal civilian agencies to prioritize key security outcomes and set baseline and technical requirements, the White House said.