CISA to Update Zero Trust Maturity Model to Meet Biden’s Cybersecurity Goals

The Cybersecurity and Infrastructure Security Agency plans to update its zero trust maturity model to help agencies meet the White House’s cybersecurity goals, an official said.

Grant Dasher, an identity and access management expert at CISA, advised agencies to continue adopting cybersecurity measures as they wait for the release of the update, FCW reported Tuesday.

Such measures include the implementation of multi-factor authentication, protection against phishing and other recommendations included in the original zero trust maturity model, Dasher said at the Identity Theft Resource Center cybersecurity policy forum.

CISA published the original document in September 2021, providing agencies a zero trust implementation road map. According to the guidance, agencies should build their architectures based on five pillars: visibility, analytics, automation, orchestration and governance.

In its press release, CISA explained that zero trust will provide agencies finer control over their systems, enabling the visibility needed to support the development, implementation, enforcement and evolution of security policies.

The agency created the maturity model in accordance with President Joe Biden’s May 12 executive order on federal cybersecurity, in which zero trust is a key element.

Biden described the transition to zero trust as a “multi-year journey for federal agencies” that will require the government to “learn and adjust along the way as new practices and technologies emerge.”

The Office of Management and Budget released an accompanying zero trust federal strategy in September 2021, directing agencies to prioritize several key security outcomes and set baseline policy and technical requirements.

OMB’s strategy also required agencies to consolidate systems, implement multi-factor authentication, treat internal networks as untrusted by default and move protections closer to data, among other measures.