Thanks for sharing, Alex. Glad to see that the paper's ZT focus starts with the idea that a network perimeter is viewed as potentially vulnerable or already compromised, and that "each user, device, application, and transaction must be continually verified". And glad to see that there is acknowledgement of a holistic approach to securing the network by performing authentication, identity validation and authorization across each subsystem traversed by a communication. Good to see that NIST SP 800-207 is taken as the reference work. I've found the High-Level Zero Trust Maturity Model Overview a very useful matrix for evaluating cybersecurity maturity - useful because it can be applied at both the macro and micro level. This sits well with a service-oriented view, and breaks down the artificial distinction between IT and OT - because to my simple mind there is none. All systems require networking, hosting infrastructure, software and OS platforms, software services, event handling, computing devices and data. Yes, I agree that the road to cybersecurity maturity across the enterprise landscape is challenging. However, this paper provides good philosophical and practical guidance, particularly the updated H-L ZTMMO.

Best,
Nya
------------------------------
Nya Murray
Director
Trac-Car
------------------------------
Original Message:
Sent: Apr 11, 2023 12:16:07 PM
From: Alex Sharpe
Subject: CISA Releases Zero Trust Maturity Model V 2.0
The new phone book is here!
Would love to know everyone's thoughts on differences from V 1.0
https://www.cisa.gov/sites/default/files/2023-04/zero_trust_maturity_model_v2_508.pdf
------------------------------
Alex Sharpe
Principal
Sharpe42
Co-Chair Philosophy & Guiding Principles Working Group
Co-Chair Organizational Strategy & Governance Working Group
------------------------------