Skip to main content
U.S. flag

An official website of the United States government

dot gov

Official websites use .gov
A .gov website belongs to an official government organization in the United States.


Secure .gov websites use HTTPS
A lock or https:// means you've safely connected to the .gov website. Share sensitive information only on official, secure websites.

Zero Trust Maturity Model

Executive Order 14028, “Improving the Nation’s Cybersecurity”, pushes agencies to adopt zero trust cybersecurity principles and adjust their network architectures accordingly.

To help this effort, the Cybersecurity and Infrastructure Security Agency (CISA) developed a Zero Trust Maturity Model to assist agencies as they implement zero trust architectures. The maturity model complements the Office of Management and Budget’s (OMB) Federal Zero Trust Strategy, and is designed to provide agencies with a roadmap and resources to achieve an optimal zero trust environment.

Download the Zero Trust Maturity Model here.

Read more in CISA’s blog post announcing the Zero Trust Maturity Model.

How to comment

CISA is holding a public comment period on the Zero Trust Maturity Model from September 7, 2021 until October 1, 2021. During that time, reviewers can submit their comments and feedback to

CISA hopes that agency, industry, and academia will participate in the comment period to ensure the maturity model fully addresses all considerations for zero trust.