Standards Reference: CISA Zero Trust Maturity Model

Primary Standards

CISA Zero Trust Maturity Model v2.0 (April 2023)

  • Source: Cybersecurity and Infrastructure Security Agency
  • Scope: Federal agencies and organizations implementing zero trust
  • Five Pillars: Identity, Devices, Networks, Applications & Workloads, Data
  • Four Maturity Stages: Traditional, Initial, Advanced, Optimal
  • Cross-Cutting: Visibility & Analytics, Automation & Orchestration, Governance

NIST SP 800-207: Zero Trust Architecture

  • Published: August 2020
  • Tenets: Never trust, always verify; assume breach; least privilege access
  • Deployment Models: Device agent/gateway, enclave, resource portal
  • Key Requirement: Policy decision point (PDP) and policy enforcement point (PEP)

Executive Order 14028: Improving the Nation's Cybersecurity

  • Signed: May 12, 2021
  • Mandate: Federal agencies must adopt zero trust architecture
  • Timeline: Agencies required to develop zero trust implementation plans

OMB Memorandum M-22-09: Federal Zero Trust Strategy

  • Published: January 2022
  • Requirements per pillar:
    • Identity: Phishing-resistant MFA for all staff
    • Devices: EDR deployed across federal endpoints
  • Networks: DNS traffic and HTTP traffic encrypted
    • Applications: Application security testing in CI/CD
    • Data: Data categorization and automated classification

Supporting Standards

NSA Zero Trust Pillar Guidance Series (2024)

  • User Pillar (February 2024)
  • Device Pillar (March 2024)
  • Data Pillar (April 2024)
  • Application & Workload Pillar (April 2024)
  • Network & Environment Pillar (May 2024)
  • Visibility & Analytics Pillar (May 2024)
  • Automation & Orchestration Pillar (June 2024)

DISA Zero Trust Reference Architecture

  • Department of Defense specific implementation
  • Aligns with NIST SP 800-207 and the CISA Zero Trust Maturity Model (ZTMM)
  • Covers DoD-specific compliance requirements

FedRAMP Zero Trust Requirements

  • Cloud service providers must support zero trust
  • Continuous monitoring requirements
  • Identity federation standards