mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-17 05:05:16 +03:00
Initial commit - 611 cybersecurity skills across all subdomains
This commit is contained in:
@@ -0,0 +1,51 @@
|
||||
# Standards Reference: CISA Zero Trust Maturity Model
|
||||
|
||||
## Primary Standards
|
||||
|
||||
### CISA Zero Trust Maturity Model v2.0 (April 2023)
|
||||
- **Source**: Cybersecurity and Infrastructure Security Agency
|
||||
- **Scope**: Federal agencies and organizations implementing zero trust
|
||||
- **Five Pillars**: Identity, Devices, Networks, Applications & Workloads, Data
|
||||
- **Four Maturity Stages**: Traditional, Initial, Advanced, Optimal
|
||||
- **Cross-Cutting**: Visibility & Analytics, Automation & Orchestration, Governance
|
||||
|
||||
### NIST SP 800-207: Zero Trust Architecture
|
||||
- **Published**: August 2020
|
||||
- **Tenets**: Never trust, always verify; assume breach; least privilege access
|
||||
- **Deployment Models**: Device agent/gateway, enclave, resource portal
|
||||
- **Key Requirement**: Policy decision point (PDP) and policy enforcement point (PEP)
|
||||
|
||||
### Executive Order 14028: Improving the Nation's Cybersecurity
|
||||
- **Signed**: May 12, 2021
|
||||
- **Mandate**: Federal agencies must adopt zero trust architecture
|
||||
- **Timeline**: Agencies required to develop zero trust implementation plans
|
||||
|
||||
### OMB Memorandum M-22-09: Federal Zero Trust Strategy
|
||||
- **Published**: January 2022
|
||||
- **Requirements per pillar**:
|
||||
- Identity: Phishing-resistant MFA for all staff
|
||||
- Devices: EDR deployed across federal endpoints
|
||||
- Networks: DNS traffic encrypted, HTTP traffic encrypted
|
||||
- Applications: Application security testing in CI/CD
|
||||
- Data: Data categorization and automated classification
|
||||
|
||||
## Supporting Standards
|
||||
|
||||
### NSA Zero Trust Pillar Guidance Series (2024)
|
||||
- User Pillar (February 2024)
|
||||
- Device Pillar (March 2024)
|
||||
- Data Pillar (April 2024)
|
||||
- Application & Workload Pillar (April 2024)
|
||||
- Network & Environment Pillar (May 2024)
|
||||
- Visibility & Analytics Pillar (May 2024)
|
||||
- Automation & Orchestration Pillar (June 2024)
|
||||
|
||||
### DISA Zero Trust Reference Architecture
|
||||
- Department of Defense specific implementation
|
||||
- Aligns with NIST 800-207 and CISA ZTMM
|
||||
- Covers DoD-specific compliance requirements
|
||||
|
||||
### FedRAMP Zero Trust Requirements
|
||||
- Cloud service providers must support zero trust
|
||||
- Continuous monitoring requirements
|
||||
- Identity federation standards
|
||||
@@ -0,0 +1,102 @@
|
||||
# Workflows: CISA Zero Trust Maturity Model Implementation
|
||||
|
||||
## Workflow 1: Initial Maturity Assessment
|
||||
|
||||
```
|
||||
Step 1: Establish Assessment Team
|
||||
- Identify stakeholders from IT, security, compliance, and business units
|
||||
- Assign pillar owners for each of the five ZTMM pillars
|
||||
- Define assessment timeline and reporting cadence
|
||||
|
||||
Step 2: Inventory Current Capabilities
|
||||
- Identity: Catalog authentication methods, identity providers, MFA coverage
|
||||
- Devices: Enumerate all endpoints, document endpoint security tools
|
||||
- Networks: Map network architecture, segmentation, encryption status
|
||||
- Applications: List all applications, classify access controls
|
||||
- Data: Identify data repositories, classification, DLP status
|
||||
|
||||
Step 3: Map to ZTMM Stages
|
||||
- For each pillar, evaluate each function against the four maturity stages
|
||||
- Document evidence for current stage determination
|
||||
- Identify gaps between current and target maturity
|
||||
- Rate cross-cutting capabilities (visibility, automation, governance)
|
||||
|
||||
Step 4: Produce Assessment Report
|
||||
- Pillar-by-pillar maturity scores
|
||||
- Gap analysis with prioritized recommendations
|
||||
- Quick wins vs. long-term transformation items
|
||||
- Resource requirements and estimated timelines
|
||||
```
|
||||
|
||||
## Workflow 2: Identity Pillar Advancement (Traditional to Advanced)
|
||||
|
||||
```
|
||||
Phase A: MFA Deployment
|
||||
1. Inventory all user accounts (privileged, standard, service)
|
||||
2. Select phishing-resistant MFA solution (FIDO2/WebAuthn)
|
||||
3. Deploy MFA for privileged accounts first
|
||||
4. Extend MFA to all user accounts
|
||||
5. Implement MFA for service accounts and APIs
|
||||
6. Configure conditional access policies
|
||||
|
||||
Phase B: Identity Governance
|
||||
1. Implement identity lifecycle management
|
||||
2. Connect IAM to HR system for automated provisioning
|
||||
3. Establish access certification reviews
|
||||
4. Deploy identity threat detection
|
||||
5. Implement just-in-time access for elevated privileges
|
||||
|
||||
Phase C: Continuous Verification
|
||||
1. Integrate identity signals into access decisions
|
||||
2. Deploy risk-based authentication
|
||||
3. Implement session-level re-authentication for sensitive actions
|
||||
4. Enable behavioral analytics for identity anomalies
|
||||
```
|
||||
|
||||
## Workflow 3: Cross-Pillar Integration
|
||||
|
||||
```
|
||||
Step 1: Establish Unified Policy Engine
|
||||
- Define access policies that incorporate all five pillars
|
||||
- Implement Policy Decision Point (PDP) per NIST 800-207
|
||||
- Deploy Policy Enforcement Points (PEP) at all access boundaries
|
||||
|
||||
Step 2: Integrate Signal Sources
|
||||
- Identity signals -> trust score component
|
||||
- Device posture -> trust score component
|
||||
- Network context -> trust score component
|
||||
- Application risk -> trust score component
|
||||
- Data sensitivity -> access control component
|
||||
|
||||
Step 3: Implement Continuous Evaluation
|
||||
- Real-time trust scoring engine
|
||||
- Dynamic policy adjustment based on risk
|
||||
- Automated access revocation on policy violation
|
||||
- Audit logging for all access decisions
|
||||
|
||||
Step 4: Measure and Report
|
||||
- Track maturity progression per pillar quarterly
|
||||
- Report to leadership with ZTMM scorecard
|
||||
- Adjust roadmap based on threat landscape changes
|
||||
- Document lessons learned for continuous improvement
|
||||
```
|
||||
|
||||
## Workflow 4: Governance and Compliance Reporting
|
||||
|
||||
```
|
||||
Step 1: Establish Zero Trust Governance Board
|
||||
- Executive sponsor, CISO, pillar owners, compliance
|
||||
- Monthly review of zero trust maturity progress
|
||||
- Annual strategic review and roadmap adjustment
|
||||
|
||||
Step 2: Continuous Compliance Monitoring
|
||||
- Map ZTMM controls to OMB M-22-09 requirements
|
||||
- Automate evidence collection for each pillar
|
||||
- Generate compliance dashboards
|
||||
- Prepare for FISMA and other audit requirements
|
||||
|
||||
Step 3: Reporting to CISA
|
||||
- Submit agency zero trust implementation plan
|
||||
- Provide quarterly progress updates
|
||||
- Document deviations and remediation plans
|
||||
```
|
||||
Reference in New Issue
Block a user