The Cybersecurity and Infrastructure Security Agency (CISA) is aiming to issue the second version of its Zero Trust Maturity Model this summer, according to Eric Goldstein, CISA’s executive assistant director for cybersecurity.
“This summer is certainly our target, you know, our goal is for the maturity model to really be a significant improvement from the first one, frankly,” said Goldstein during Federal News Network’s 2022 Zero Trust Exchange event on June 21. “I think we heard great feedback on the first maturity model that many organizations public and private are finding to be in practice really useful,” he said.
Goldstein said that the first version of the model received “over 300” comments, which are being worked into the new draft with a goal of making it an “enduring, living document.”
He added that CISA doesn’t want its updated maturity model to “just be a phone with a better camera.” Rather, he said, CISA wants the next model to have “really useful new attributes” that are going to really move the ball forward.
“We are still learning, as a security enterprise, how zero trust principles can be most effectively adopted at scale for different types of organizations,” Goldstein said. “And so this is going to be a living and an ongoing effort for us.”
The initial Zero Trust Maturity Model was drafted in June 2021, and was released for public comment on Sept. 7, 2021.
According to CISA, the first version included five pillars and three cross-cutting capabilities and is based on the foundations of zero trust. Its goal is to assist agencies in developing their zero trust strategies and implementation plans, while also presenting ways CISA can support zero trust solutions across agencies.