About Zero Trust Maturity Model

To facilitate implementation, the Zero Trust Maturity Model (as defined by the Cybersecurity and Infrastructure Security Agency, CISA) can be described using three stages, with increasing levels of protection, detail, and complexity for adoption, as outlined below. We have added one additional stage (Basic) to reflect the absence of critical controls. This approach allows you to adopt Zero Trust gradually, distributing costs over time rather than incurring them entirely upfront:

  • Basic – no implementation of critical controls or just initial testing
  • Traditional – manual configurations and assignment of attributes, static or incomplete security policies, manual incident response and mitigation deployment
  • Advanced – compliant with critical controls; some cross-pillar coordination, visibility, identity control and policy enforcement; an incident response process tied to pre-defined mitigations
  • Optimized – fully automated assignment of attributes to assets and resources, dynamic policies based on automated/observed triggers powered by AI, alignment with open standards for cross-pillar interoperability and centralized visibility

  • Basic – Lack of critical controls
  • Traditional – Partial implementation
  • Advanced – Progress towards Zero Trust
  • Optimized – Mature Zero Trust