Zero Trust Maturity Model

What Is the Zero Trust Maturity Model?

CISA’s Zero Trust Maturity Model is a framework that helps organizations assess and improve their implementation of the Zero Trust Security model. It provides a structured approach for organizations to enhance their security posture by implementing Zero Trust principles and continuously improving their security practices.

This new security model, developed initially according to federal (US) cybersecurity guidelines, assumes that all users, devices, and applications are potential threats and therefore requires continuous verification and validation of all entities attempting to access resources on the network.

The Zero Trust Maturity Model provides a set of best practices and guidelines that organizations can use to assess their current level of Zero Trust adoption, identify areas for improvement, and develop a roadmap for achieving higher maturity levels. 

Five Pillars of the Zero Trust Maturity Model

Cyberattacks are increasing by 50 percent annually, motivating organizations to gain a deeper understanding of Zero Trust and how it can be used to protect crucial business systems. While different frameworks may use different terminology or organization, the typical Zero Trust Maturity Model is based on these five pillars.

1. Identity

The first pillar of Zero Trust is identity, which involves establishing and verifying the identities of all users and devices accessing resources on the network. This includes using strong authentication methods, such as multi-factor authentication (MFA), and continuously monitoring for unusual activity or changes in behavior that could indicate a security threat.

2. Devices

The second pillar focuses on device security, which means ensuring that all devices accessing the network are secure and compliant with organizational policies. This includes enforcing strong passwords, ensuring that devices are running up-to-date software and security patches, and restricting access to sensitive resources based on the device’s security posture.

3. Network

The third pillar involves securing the network itself, including both the internal network and external connections. This includes encrypting traffic, segmenting the network to limit access to sensitive resources, and implementing continuous monitoring and threat detection.

4. Data

The fourth pillar is data security, which involves protecting sensitive data throughout its lifecycle. This includes encrypting data at rest and in transit, monitoring for data exfiltration, and restricting access based on the sensitivity of the data.

5. Applications and Workloads

The final pillar of the Zero Trust Maturity Model focuses on securing applications and data, including both on-premises and cloud-based applications. This involves implementing access controls and encryption, auditing access and usage, and protecting against data exfiltration.


By addressing these five pillars, organizations can create a comprehensive and adaptive security model to protect against various threats and attacks effectively.
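How the pillar checks described above can combine into one deny-by-default decision per access request, as an added example that is not part of the original page or of CISA's model. The sensitivity labels, the 30-day patch threshold and all field names are assumptions made for illustration.

```python
from dataclasses import dataclass, replace

SENSITIVITY = {"public": 0, "internal": 1, "restricted": 2}  # assumed labels
MAX_PATCH_AGE_DAYS = 30                                      # assumed threshold

@dataclass(frozen=True)
class AccessRequest:
    user: str
    mfa_verified: bool       # Identity: strong authentication completed
    behavior_anomaly: bool   # Identity: monitoring flagged unusual activity
    device_compliant: bool   # Devices: meets organizational policy
    patch_age_days: int      # Devices: days since last security update
    channel_encrypted: bool  # Network: traffic is encrypted
    same_segment: bool       # Network: requester sits in the resource's segment
    data_label: str          # Data: sensitivity of the requested data

def evaluate(req):
    """Return (decision, reasons); any failed pillar check denies the request."""
    level = SENSITIVITY.get(req.data_label)
    if level is None:
        return "deny", ["data: unknown sensitivity label"]
    reasons = []
    if not req.mfa_verified:
        reasons.append("identity: MFA not completed")
    if req.behavior_anomaly:
        reasons.append("identity: anomalous behavior flagged")
    if not req.device_compliant:
        reasons.append("devices: device not compliant")
    if not req.channel_encrypted:
        reasons.append("network: unencrypted channel")
    # Requirements tighten as the sensitivity of the data rises.
    if level >= 1 and req.patch_age_days > MAX_PATCH_AGE_DAYS:
        reasons.append("devices: patches out of date")
    if level >= 2 and not req.same_segment:
        reasons.append("network: cross-segment access to restricted data")
    return ("deny" if reasons else "allow"), reasons

# Constructed sample requests (not real data).
BASELINE = AccessRequest("alice", True, False, True, 5, True, True, "restricted")
STALE_DEVICE = replace(BASELINE, patch_age_days=90)
STALE_PUBLIC = replace(STALE_DEVICE, data_label="public")
NO_MFA_REMOTE = replace(BASELINE, mfa_verified=False, same_segment=False)

if __name__ == "__main__":
    for r in (BASELINE, STALE_DEVICE, STALE_PUBLIC, NO_MFA_REMOTE):
        decision, reasons = evaluate(r)
        # The printed line doubles as an audit record of each access decision.
        print(r.user, r.data_label, decision, reasons)
```

The same stale device is denied for restricted data but allowed for public data, which is the posture-and-sensitivity coupling the Devices and Data pillars describe.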

Three Cross-Cutting Capabilities of Zero Trust Maturity 2.0

According to Zero Trust Maturity 2.0, cross-cutting capabilities are important practices that apply across all five Zero Trust Maturity Model pillars. These capabilities provide a foundation for a successful Zero Trust implementation by enhancing an organization’s ability to detect and respond to threats while streamlining security operations and improving overall effectiveness.

1. Visibility

Visibility involves having a comprehensive understanding of all devices, users, applications, and data on the network, as well as their interactions and behavior. This includes real-time monitoring and historical analysis to detect anomalies and identify potential threats.

2. Automation

Automation involves using technology to streamline security operations and improve response times. This includes automating routine tasks such as patch management and security configuration and using artificial intelligence and machine learning to analyze data and identify potential threats.

3. Orchestration

Orchestration involves integrating security controls and tools across the organization to create a unified and adaptive security environment. This includes using common frameworks and standards to facilitate communication and collaboration across teams and departments and implementing response plans and procedures to address potential threats in a coordinated manner.

Five Stages of Zero Trust Maturity

There are five stages of maturity, according to the latest Zero Trust update.

1. Initial

In the initial stage, organizations have a traditional perimeter-based security model that assumes all network users and devices can be trusted. Security controls are focused on the network perimeter, such as firewalls and antivirus software, and there is limited visibility into user and device behavior.

2. Developing

At the developing stage, organizations adopt some Zero Trust principles, such as implementing MFA and segmenting the network to limit access to sensitive resources. Security controls are still largely perimeter-based, but there is increased visibility into user and device behavior.

3. Defined

In the defined stage, organizations have a well-defined Zero Trust strategy and have implemented various security controls to protect against threats. This includes strong identity and access controls, continuous monitoring and threat detection, and robust data protection measures. There is a high level of visibility into user and device behavior, and security controls are adaptive and based on risk.

4. Implemented

At the implemented stage, organizations have fully implemented a Zero Trust model and integrated it into their overall security strategy. This includes a strong focus on automation and orchestration to streamline security operations and a continuous improvement approach to refine security controls based on threat intelligence and risk assessments.

5. Optimized

In the final stage, organizations have achieved a high level of Zero Trust maturity and have a culture of continuous improvement and innovation. This includes a strong focus on collaboration across teams and departments and leveraging advanced technologies such as artificial intelligence and machine learning to enhance security operations. Security controls are adaptive and based on real-time threat intelligence, and the organization is well-prepared to respond to advanced threats and attacks.

Who Can Benefit from the Zero Trust Maturity Model?

While the model was developed specifically for federal agencies, it can be applied to organizations of any size and industry. The Zero Trust Maturity Model can benefit any organization looking to improve its cybersecurity posture. 

Implementing the Zero Trust Maturity Model can help organizations reduce the risk of data breaches and cyber-attacks by protecting sensitive data and limiting access to it. The model emphasizes continuous monitoring, risk assessment, and data protection measures, which can help organizations detect and respond to threats in real time.

Every security team wants Zero Trust—nobody gets or keeps access to anything until they prove and continue to prove who they are, that access is authorized, and they are not acting maliciously. That’s why organizations choose BlackBerry® Zero Trust Architecture powered by Cylance® AI to protect their people, data, and networks.