mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
3.7 KiB
3.7 KiB
Workflows: CISA Zero Trust Maturity Model Implementation
Workflow 1: Initial Maturity Assessment
Step 1: Establish Assessment Team
- Identify stakeholders from IT, security, compliance, and business units
- Assign pillar owners for each of the five ZTMM pillars
- Define assessment timeline and reporting cadence
Step 2: Inventory Current Capabilities
- Identity: Catalog authentication methods, identity providers, MFA coverage
- Devices: Enumerate all endpoints, document endpoint security tools
- Networks: Map network architecture, segmentation, encryption status
- Applications: List all applications, classify access controls
- Data: Identify data repositories, classification, DLP status
Step 3: Map to ZTMM Stages
- For each pillar, evaluate each function against the four maturity stages
- Document evidence for current stage determination
- Identify gaps between current and target maturity
- Rate cross-cutting capabilities (visibility, automation, governance)
Step 4: Produce Assessment Report
- Pillar-by-pillar maturity scores
- Gap analysis with prioritized recommendations
- Quick wins vs. long-term transformation items
- Resource requirements and estimated timelines
Workflow 2: Identity Pillar Advancement (Traditional to Advanced)
Phase A: MFA Deployment
1. Inventory all user accounts (privileged, standard, service)
2. Select phishing-resistant MFA solution (FIDO2/WebAuthn)
3. Deploy MFA for privileged accounts first
4. Extend MFA to all user accounts
5. Implement MFA for service accounts and APIs
6. Configure conditional access policies
Phase B: Identity Governance
1. Implement identity lifecycle management
2. Connect IAM to HR system for automated provisioning
3. Establish access certification reviews
4. Deploy identity threat detection
5. Implement just-in-time access for elevated privileges
Phase C: Continuous Verification
1. Integrate identity signals into access decisions
2. Deploy risk-based authentication
3. Implement session-level re-authentication for sensitive actions
4. Enable behavioral analytics for identity anomalies
Workflow 3: Cross-Pillar Integration
Step 1: Establish Unified Policy Engine
- Define access policies that incorporate all five pillars
- Implement Policy Decision Point (PDP) per NIST 800-207
- Deploy Policy Enforcement Points (PEP) at all access boundaries
Step 2: Integrate Signal Sources
- Identity signals -> trust score component
- Device posture -> trust score component
- Network context -> trust score component
- Application risk -> trust score component
- Data sensitivity -> access control component
Step 3: Implement Continuous Evaluation
- Real-time trust scoring engine
- Dynamic policy adjustment based on risk
- Automated access revocation on policy violation
- Audit logging for all access decisions
Step 4: Measure and Report
- Track maturity progression per pillar quarterly
- Report to leadership with ZTMM scorecard
- Adjust roadmap based on threat landscape changes
- Document lessons learned for continuous improvement
Workflow 4: Governance and Compliance Reporting
Step 1: Establish Zero Trust Governance Board
- Executive sponsor, CISO, pillar owners, compliance
- Monthly review of zero trust maturity progress
- Annual strategic review and roadmap adjustment
Step 2: Continuous Compliance Monitoring
- Map ZTMM controls to OMB M-22-09 requirements
- Automate evidence collection for each pillar
- Generate compliance dashboards
- Prepare for FISMA and other audit requirements
Step 3: Reporting to CISA
- Submit agency zero trust implementation plan
- Provide quarterly progress updates
- Document deviations and remediation plans