mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-06-11 13:44:56 +03:00
mukul975
4.0 KiB
4.0 KiB
CISA ZTMM Assessment Template
Organization Information
- Organization Name: _______________
- Assessment Date: _______________
- Assessment Lead: _______________
- Pillar Owners:
- Identity: _______________
- Devices: _______________
- Networks: _______________
- Applications: _______________
- Data: _______________
Pillar Assessment Worksheet
Identity Pillar
| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Authentication | [ ] | [ ] | [ ] | [ ] | ___ | |
| Identity Stores | [ ] | [ ] | [ ] | [ ] | ___ | |
| Risk Assessment | [ ] | [ ] | [ ] | [ ] | ___ | |
| Access Management | [ ] | [ ] | [ ] | [ ] | ___ | |
| Identity Lifecycle | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ |
Devices Pillar
| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Policy Enforcement | [ ] | [ ] | [ ] | [ ] | ___ | |
| Asset Management | [ ] | [ ] | [ ] | [ ] | ___ | |
| Device Compliance | [ ] | [ ] | [ ] | [ ] | ___ | |
| Device Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ |
Networks Pillar
| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Network Segmentation | [ ] | [ ] | [ ] | [ ] | ___ | |
| Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Encryption | [ ] | [ ] | [ ] | [ ] | ___ | |
| Network Resilience | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ |
Applications & Workloads Pillar
| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Access Authorization | [ ] | [ ] | [ ] | [ ] | ___ | |
| Threat Protection | [ ] | [ ] | [ ] | [ ] | ___ | |
| Accessibility | [ ] | [ ] | [ ] | [ ] | ___ | |
| Application Security | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ |
Data Pillar
| Function | Traditional | Initial | Advanced | Optimal | Current | Evidence |
|---|---|---|---|---|---|---|
| Data Inventory | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Categorization | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Availability | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Access | [ ] | [ ] | [ ] | [ ] | ___ | |
| Data Encryption | [ ] | [ ] | [ ] | [ ] | ___ | |
| Visibility & Analytics | [ ] | [ ] | [ ] | [ ] | ___ | |
| Automation & Orchestration | [ ] | [ ] | [ ] | [ ] | ___ | |
| Governance | [ ] | [ ] | [ ] | [ ] | ___ |
Gap Analysis Summary
| Pillar | Current Stage | Target Stage | Gap | Priority |
|---|---|---|---|---|
| Identity | ___ | Advanced | ___ | ___ |
| Devices | ___ | Advanced | ___ | ___ |
| Networks | ___ | Advanced | ___ | ___ |
| Applications | ___ | Advanced | ___ | ___ |
| Data | ___ | Advanced | ___ | ___ |
OMB M-22-09 Compliance Checklist
- Phishing-resistant MFA deployed for all agency staff
- Complete device inventory with EDR coverage
- DNS and HTTP traffic encrypted
- Applications treated as internet-connected with regular testing
- Data categorization and automated discovery implemented