# Standards Reference: CISA Zero Trust Maturity Model
## Primary Standards
### CISA Zero Trust Maturity Model v2.0 (April 2023)
- **Source**: Cybersecurity and Infrastructure Security Agency (CISA)
- **Scope**: Written for Federal Civilian Executive Branch agencies, but usable by any organization planning a zero trust transition
- **Five Pillars**: Identity, Devices, Networks, Applications & Workloads, Data
- **Four Maturity Stages**: Traditional, Initial, Advanced, Optimal (each pillar is assessed separately, so an organization can sit at different stages per pillar)
- **Cross-Cutting Capabilities**: Visibility & Analytics, Automation & Orchestration, Governance (apply across all five pillars)
### NIST SP 800-207: Zero Trust Architecture
- **Published**: August 2020
- **Tenets**: Seven tenets, commonly summarized as never trust, always verify; assume breach; grant least-privilege access per request, evaluated on each session rather than once at login
- **Deployment Models**: Device agent/gateway-based, enclave-based, resource portal-based, device application sandboxing
- **Key Components**: The policy engine (PE) and policy administrator (PA) together form the policy decision point (PDP); the policy enforcement point (PEP) sits in front of each resource and gates every access request on the PDP's decision
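The PDP/PEP split above is easier to see in code than in prose. The following is an added example, not code from NIST SP 800-207 or CISA: a toy PDP that combines identity, device-posture and resource signals for each request, and a PEP that consults it on every call so a change in device posture mid-session is picked up on the next request. The subjects, devices, resources, policy rules and the `PHISHING_RESISTANT` set are all constructed for illustration.

```python
"""Minimal policy decision point (PDP) and policy enforcement point (PEP),
modelled loosely on the NIST SP 800-207 components.  Everything here (rules,
users, devices, resources) is made up for the example."""
from dataclasses import dataclass, field

# Authenticator types this example treats as phishing-resistant (assumption
# for the demo; PIV and FIDO2/WebAuthn are the ones M-22-09 names).
PHISHING_RESISTANT = {"piv", "fido2", "webauthn"}


@dataclass(frozen=True)
class Subject:
    user: str
    mfa_method: str      # authenticator used for the current session
    device_id: str       # device the request originates from


@dataclass(frozen=True)
class DevicePosture:
    managed: bool        # enrolled in enterprise device management
    edr_healthy: bool    # EDR agent present and reporting
    patched: bool        # no overdue critical patches


@dataclass(frozen=True)
class Resource:
    name: str
    sensitivity: str     # "low", "moderate" or "high"
    writers: frozenset = frozenset()   # users explicitly granted write access


@dataclass
class Decision:
    allow: bool
    reasons: list = field(default_factory=list)   # why a request was denied


class PolicyDecisionPoint:
    """PE + PA in 800-207 terms: evaluates one request from current signals."""

    def __init__(self, posture_feed):
        # device_id -> DevicePosture; stands in for a live inventory/EDR feed
        self.posture_feed = posture_feed

    def evaluate(self, subject, resource, action):
        reasons = []
        posture = self.posture_feed.get(subject.device_id)
        # Assume breach: a device the enterprise cannot see is not trusted.
        if posture is None:
            reasons.append("device not in inventory")
        else:
            if not posture.managed:
                reasons.append("unmanaged device")
            if not posture.edr_healthy:
                reasons.append("EDR not reporting healthy")
            if resource.sensitivity == "high" and not posture.patched:
                reasons.append("high-sensitivity resource requires a patched device")
        # Phishing-resistant MFA for anything above low sensitivity.
        if resource.sensitivity != "low" and subject.mfa_method not in PHISHING_RESISTANT:
            reasons.append(f"{subject.mfa_method} is not phishing-resistant MFA")
        # Least privilege: writes need an explicit grant on the resource.
        if action == "write" and subject.user not in resource.writers:
            reasons.append("no write grant for this resource")
        return Decision(allow=not reasons, reasons=reasons)


class PolicyEnforcementPoint:
    """Fronts the resource and asks the PDP on every request; no trust is
    carried over from earlier calls in the same session."""

    def __init__(self, pdp):
        self.pdp = pdp
        self.audit = []   # (user, resource, action, allowed, reasons)

    def request(self, subject, resource, action):
        decision = self.pdp.evaluate(subject, resource, action)
        self.audit.append((subject.user, resource.name, action,
                           decision.allow, tuple(decision.reasons)))
        return decision


def run_demo():
    """Constructed scenario; returns {label: allowed} and the PEP audit log."""
    posture = {
        "lap-001": DevicePosture(managed=True, edr_healthy=True, patched=True),
        "lap-002": DevicePosture(managed=True, edr_healthy=False, patched=True),
    }
    pep = PolicyEnforcementPoint(PolicyDecisionPoint(posture))
    hr = Resource("hr-records", "high", writers=frozenset({"alice"}))
    wiki = Resource("team-wiki", "low")
    alice = Subject("alice", "fido2", "lap-001")
    bob = Subject("bob", "totp", "lap-001")
    carol = Subject("carol", "piv", "lap-002")
    mallory = Subject("mallory", "fido2", "byod-99")   # never enrolled

    results = {
        "alice_read_hr": pep.request(alice, hr, "read").allow,
        "alice_write_hr": pep.request(alice, hr, "write").allow,
        "bob_read_hr": pep.request(bob, hr, "read").allow,      # TOTP only
        "bob_read_wiki": pep.request(bob, wiki, "read").allow,  # low sensitivity
        "bob_write_wiki": pep.request(bob, wiki, "write").allow,
        "carol_read_wiki": pep.request(carol, wiki, "read").allow,  # EDR down
        "mallory_read_wiki": pep.request(mallory, wiki, "read").allow,
    }
    # Continuous evaluation: alice's laptop misses a critical patch.  The PEP
    # re-asks the PDP on the next request, so access is cut without a logout.
    posture["lap-001"] = DevicePosture(managed=True, edr_healthy=True, patched=False)
    results["alice_read_hr_after_drift"] = pep.request(alice, hr, "read").allow
    return results, pep.audit


if __name__ == "__main__":
    outcome, log = run_demo()
    for label, allowed in outcome.items():
        print(f"{label:28s} {'ALLOW' if allowed else 'DENY'}")
```

The point of the design is that the PEP holds no state about the subject: every request is a fresh PDP evaluation over the current identity, device and resource signals, which is what turns "assume breach" from a slogan into a control. In a real deployment the posture feed would be an EDR or MDM API and the audit list a SIEM sink.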
### Executive Order 14028: Improving the Nation's Cybersecurity
- **Signed**: May 12, 2021
- **Mandate**: Section 3 directs federal agencies to advance toward a zero trust architecture and to move to secure cloud services
- **Timeline**: Within 60 days of the order, each agency head was to develop a plan to implement zero trust architecture, drawing on NIST SP 800-207
### OMB Memorandum M-22-09: Federal Zero Trust Strategy
- **Published**: January 26, 2022
- **Deadline**: Agencies must meet specific zero trust goals by the end of Fiscal Year 2024
- **Requirements per pillar** (following the CISA ZTMM pillars):
  - Identity: Enterprise-managed identities; phishing-resistant MFA (PIV or FIDO2/WebAuthn, not SMS or push) for staff, contractors and partners; a strong MFA option for public users
  - Devices: Complete and reliable inventory of every device; EDR deployed across endpoints with data shared with CISA's CDM program
  - Networks: Encrypt all DNS requests and all HTTP traffic within the environment; begin breaking the perimeter into isolated segments
  - Applications & Workloads: Treat every application as internet-accessible; routine, rigorous security testing including independent evaluation; accept external vulnerability reports
  - Data: Government-wide approach to categorizing data; cloud security services to monitor access to sensitive data; enterprise-wide logging and information sharing
## Supporting Standards
### NSA Zero Trust Pillar Guidance Series (2023 to 2024)
- Cybersecurity information sheets titled "Advancing Zero Trust Maturity Throughout the ... Pillar", released one pillar at a time
- Follows the seven-pillar DoD model rather than CISA's five pillars:
  - User Pillar
  - Device Pillar
  - Network & Environment Pillar
  - Data Pillar
  - Application & Workload Pillar
  - Visibility & Analytics Pillar
  - Automation & Orchestration Pillar
### DoD Zero Trust Reference Architecture (DISA/NSA)
- Department of Defense-specific implementation guidance, prepared by DISA and NSA (v2.0 released July 2022)
- Aligns with NIST SP 800-207 and CISA ZTMM while using the DoD seven-pillar model
- Covers DoD-specific compliance requirements
### FedRAMP Requirements Relevant to Zero Trust
- There is no standalone FedRAMP zero trust standard; agency zero trust plans rely on FedRAMP-authorized cloud services that support the controls above (identity federation, encryption in transit, logging)
- Continuous monitoring obligations for authorized cloud service providers
- Identity federation consistent with the NIST SP 800-63 digital identity guidelines