# CISA ZTMM Assessment Template

## Organization Information

- **Organization Name**: _______________
- **Assessment Date**: _______________
- **Assessment Lead**: _______________
- **Pillar Owners**:
  - Identity: _______________
  - Devices: _______________
  - Networks: _______________
  - Applications: _______________
  - Data: _______________

## Pillar Assessment Worksheet

### Identity Pillar

| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Authentication | [ ] | [ ] | [ ] | [ ] | ___ | |
| Identity Stores | [ ] | [ ] | [ ] | [ ] | ___ | |
| Risk Assessment | [ ] | [ ] | [ ] | [ ] | ___ | |
| Access Management | [ ] | [ ] | [ ] | [ ] | ___ | |
| Identity Lifecycle | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ | |

### Devices Pillar

| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Policy Enforcement | [ ] | [ ] | [ ] | [ ] | ___ | |
| Asset Management | [ ] | [ ] | [ ] | [ ] | ___ | |
| Device Compliance | [ ] | [ ] | [ ] | [ ] | ___ | |
| Device Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ | |

### Networks Pillar

| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Network Segmentation | [ ] | [ ] | [ ] | [ ] | ___ | |
| Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Encryption | [ ] | [ ] | [ ] | [ ] | ___ | |
| Network Resilience | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ | |

### Applications & Workloads Pillar

| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Access Authorization | [ ] | [ ] | [ ] | [ ] | ___ | |
| Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Accessibility | [ ] | [ ] | [ ] | [ ] | ___ | |
| Application Security | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ | |

### Data Pillar

| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Data Inventory | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Categorization | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Availability | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Access | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Encryption | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ | |

## Gap Analysis Summary

| Pillar | Current Stage | Target Stage | Gap | Priority |
|---|---|---|---|---|
| Identity | ___ | Advanced | ___ | ___ |
| Devices | ___ | Advanced | ___ | ___ |
| Networks | ___ | Advanced | ___ | ___ |
| Applications | ___ | Advanced | ___ | ___ |
| Data | ___ | Advanced | ___ | ___ |

## OMB M-22-09 Compliance Checklist

- [ ] Phishing-resistant MFA deployed for all agency staff
- [ ] Complete device inventory with EDR coverage
- [ ] DNS and HTTP traffic encrypted
- [ ] Applications treated as internet-connected with regular testing
- [ ] Data categorization and automated discovery implemented

## Roadmap Priorities

### Quick Wins (0-3 months)

1. _______________
2. _______________
3. _______________

### Short-term (3-6 months)

1. _______________
2. _______________
3. _______________

### Medium-term (6-12 months)

1. _______________
2. _______________
3. _______________

### Long-term (12-24 months)

1. _______________
2. _______________
3. _______________