What Are the Five Pillars of CISA's Zero Trust Maturity Model (ZTMM)?
What Are the Five Pillars of CISA’s Zero Trust Maturity Model (ZTMM)?
CISA’s Zero Trust Maturity Model (ZTMM) is a comprehensive framework designed to help organizations implement zero trust architecture. The model is built around five key pillars that address different aspects of cybersecurity:
1. Identity
This pillar describes characteristics of each user or agency. Among the elements that describe each entity are authentication, risk assessments and tools to identify each entity, whether they are manual or automated.
2. Device
Any device connecting to a user network is characterized by this pillar. It addresses asset tracking and management, access to the device and how the device complies with security rules and protocols.
3. Network/Environment
This addresses the network environment, whether hardware-based, wireless or linking to networks, such as the internet. It also examines the presence of encryption, threat identification and mitigation resources, and how the network is physically and logically configured.
4. Application Workload
This pillar examines the systems and applications being executed on site as well as remotely, such as in cloud environments. The process analyzes how applications are accessed, security measures that protect applications and the presence of threat identification and mitigation measures.
5. Data
All aspects of securing production data, data storage, data management and data protection are examined in this pillar. Among the issues addressed are data access, data encryption and data inventory management.
