ZTMM

The CISA Zero Trust Maturity Model, a self-assessment framework that helps federal civilian executive branch agencies plan and measure progress against OMB Memorandum M-22-09. Version 2.0 (April 2023) defines four maturity stages (Traditional, Initial, Advanced, Optimal) across five pillars (Identity, Devices, Networks, Applications and Workloads, Data) and three cross-cutting capabilities (Visibility and Analytics, Automation and Orchestration, Governance). The Optimal stage requires automated dynamic policy enforcement, continuous validation, and self-enumerating dependencies. Most FCEB agencies report at the Initial or Advanced stage on most pillars as of late 2025.

ZTMM

Related terms in Federal Zero Trust