The Path to Zero Trust Maturity

Date: November 7, 2021

As the world continues to battle the pandemic, a remote workforce persists. Given the sudden and continued need for remote capabilities, organizations are forced to assess and consider strengthening their security measures to meet an entirely new set of demands from cyber threats. With the new reality of an expanded, ever-evolving threat landscape, organizations must honestly assess their current cybersecurity strengths and weaknesses to pinpoint areas for improvement. These cyber threats must be addressed through strategies such as Zero Trust (ZT), an approach further bolstered by President Biden’s Executive Order (EO) 14028, which calls for improvements in the nation’s cybersecurity by mandating the adoption of a Zero Trust Architecture (ZTA).

T-Rex’s cybersecurity leaders Jyoti Wadhwa and Dr. Allen Harper co-authored an industry-leading white paper in partnership with the Cloud Security Alliance (CSA) that provides industry stakeholders with guidance on how to develop a ZT strategy including a prioritized investment roadmap that is in alignment with EO 14028. Industry and government alike must develop a ZT strategy and implement a ZTA to meet the mandates from the EO as well as to address a sophisticated threat landscape that includes hybrid and cloud environments.

As organizations seek to adopt a Zero Trust Architecture (ZTA), there are many different paths in industry from which to choose. In this white paper, Jyoti Wadhwa and Dr. Allen Harper aim to provide a guided approach to navigating this complex, hybrid environment and developing the best ZT strategy for your organization. Their guidance begins with assessing the current state of ZTA maturity. The Cybersecurity and Infrastructure Security Agency (CISA) provides a Zero Trust Architecture Capability Maturity Model (ZTA-CMM) to do exactly this. The ZTA-CMM comprises five pillars (Identity, Device, Network, Application/Workload, and Data) and three cross-cutting attributes (Visibility and Analytics, Automation and Orchestration, and Governance).

ZT Maturity Level

To better understand your organization’s ZT Maturity level, you must conduct reviews and analysis with key stakeholders that account not only for the technology but also for the people and processes behind the technology. Using the five pillars of CISA’s ZTA-CMM, your organization can assess its current ZT maturity level. The initial assessment and its results serve as a baseline for developing a comprehensive ZT Roadmap.

ZT Roadmap

Once the current state of your ZT Maturity Level is established, the identification of gaps between the current state and a desired future state begins. In this step of a ZT strategy, organizational stakeholders are informed by their risk tolerance levels to identify any additional investments needed to meet the organization’s target security posture. The resulting roadmap is a detailed plan that prioritizes capital and resource allocations through a phased approach, so that the organization meets its security requirements over a defined timeline.

As the ZT-based solutions are implemented, they should be guided by industry best practices such as the recent NIST SP 800-207 on ZTA, the Cloud Security Alliance (CSA) Cloud Controls Matrix (CCM), or government Security Technical Implementation Guides (STIGs).

There is no one-size-fits-all approach to implementing ZTA. ZTA must be tailored for each organization based on business needs.

T-Rex’s cyber experts have been working with organizations to enhance their security posture through a tailored ZT strategy for a hybrid or cloud environment. Working with our ZT experts can help you accelerate your cybersecurity goals and, in many cases, increase cost savings as part of your cloud path to zero trust maturity.

Want to learn more on how to implement ZTA within your organization? Contact us at cybersecurity@trexsolutionsllc.com

To review the full whitepaper, click here.

