Zero Trust Maturity
Assess your organization's Zero Trust posture against the CISA Zero Trust Maturity Model (ZTMM).
Overview
Zero Trust is a security framework that eliminates implicit trust and continuously validates every stage of digital interaction. Infracast automatically evaluates your infrastructure against CISA's Zero Trust Maturity Model, providing visibility into your progress across all five pillars.
The Five Pillars
1. Identity
Verify users and devices before granting access.
What we assess:
- Multi-factor authentication coverage
- Identity provider integration
- Privileged access management
- Session management and timeout policies
- Identity lifecycle automation
2. Devices
Ensure devices meet security requirements before access.
What we assess:
- Device inventory completeness
- Endpoint protection status
- Configuration compliance
- Patch management currency
- Mobile device management
3. Networks
Segment and monitor network traffic.
What we assess:
- Network segmentation implementation
- Micro-segmentation readiness
- Encrypted communications
- Network monitoring coverage
- Firewall rule hygiene
4. Applications & Workloads
Protect applications and secure workload communications.
What we assess:
- Application inventory
- Workload protection coverage
- Container security posture
- API security controls
- Code signing and integrity
5. Data
Protect data at rest and in transit.
What we assess:
- Data classification coverage
- Encryption at rest
- Encryption in transit
- Data loss prevention controls
- Backup and recovery posture
Maturity Levels
Each pillar is scored across four maturity levels:
| Level | Description |
|---|---|
| Traditional | Perimeter-based security with static policies |
| Initial | Some Zero Trust principles adopted, manual processes |
| Advanced | Automated policies, centralized visibility, dynamic access |
| Optimal | Fully automated, adaptive policies, continuous verification |
OMB M-22-09 Compliance
For federal agencies, Infracast maps assessments directly to the requirements of OMB Memorandum M-22-09 for Zero Trust implementation by the end of FY2024.
Tracked requirements include:
- Enterprise-wide identity management
- Phishing-resistant MFA
- Device inventory and EDR
- DNS encryption
- Application security testing
Using the Zero Trust Assessment
Navigate to Zero Trust
- Go to Security → Zero Trust Maturity
- View your overall score and pillar breakdown
Understand Your Score
- Each pillar shows a maturity level (Traditional → Optimal)
- The overall score aggregates all pillars
- Color coding indicates areas needing attention
Improve Your Score
- Click on any pillar to see specific findings
- Review recommended improvements
- Address findings in priority order
- Re-run the assessment to track progress
Reports
Generate Zero Trust maturity reports for:
- Executive summaries
- Technical assessments
- OMB M-22-09 compliance status
- Progress tracking over time
Reports can be exported as PDF, Word, or Markdown.
Best Practices
- Start with Identity — MFA and identity management provide the highest impact
- Focus on Critical Systems — Prioritize your most sensitive applications first
- Track Progress — Run assessments monthly to measure improvement
- Align with Business — Map technical controls to business risk tolerance