CybersecurityGuideline

CISA ZTMM V2

CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Overview

The CISA Zero Trust Maturity Model V2 is a guidance framework designed to help organizations develop and implement zero trust strategies. The model features five pillars—Identity, Device, Network, Application Workload, and Data—and incorporates three cross-cutting capabilities: Visibility and Analytics, Automation and Orchestration, and Governance. Each pillar includes maturity examples ranging from traditional setups to advanced zero trust architectures. Released by the US Department of Homeland Security, it is considered a foundational document for building robust zero trust capabilities within organizations. The model emphasizes iterative improvement and provides actionable insights at different stages of maturity.

Related in Cybersecurity

CybersecurityStandardFramework

CAIQ v4.1.0 — Consensus Assessment Initiative Questionnaire v4.1.0

The Consensus Assessments Initiative Questionnaire (CAIQ) v4.1.0 is a comprehensive cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate the security, privacy, and compliance practices of cloud service providers. It includes 261 assessment questions mapped to 207 controls across 17 security domains, supporting detailed vendor due diligence, third-party risk management, and cloud security assessments using a standardized industry framework.

Cloud Security Alliance (CSA) • v4.1.0

View details
CybersecurityStandard

CAIQ Lite v4.1.0 — Consensus Assessments Initiative Questionnaire Lite v4.1.0

Consensus Assessments Initiative Questionnaire (CAIQ) Lite v4.1.0 is a streamlined cloud security assessment questionnaire developed by the Cloud Security Alliance (CSA) and aligned with the Cloud Controls Matrix (CCM) v4.1 to help organizations evaluate cloud service providers using a standardized approach. It includes 138 focused questions across 17 security domains, enabling efficient vendor due diligence, third-party risk management, and security posture assessments.

Cloud Security Alliance (CSA) • v4.1.0

View details
CybersecurityFrameworkStandard

CCM v4.1 — Cloud Controls Matrix v4.1

The Cloud Controls Matrix (CCM) v4.1 is a cybersecurity control framework that consists of 207 controls across 17 security domains, specifically tailored for cloud security and privacy. The Consensus Assessment Initiative Questionnaire (CAIQ) accompanies the CCM, offering a set of assessment questions to evaluate security controls.

Cloud Security Alliance (CSA) • v4.1

View details
CybersecurityStandard

SOC-CMM — SOC-CMM Assessment Tool

The SOC-CMM model is a capability maturity model that can be used to perform a self-assessment of your Security Operations Center (SOC). The model is based on review conducted on literature regarding SOC setup and existing SOC models as well as literature on specific elements within a SOC. The literature analysis was then validated by questioning several Security Operations Centers in different sectors and on different maturity levels to determine which elements were actually in place. The output from the survey, combined with the initial analysis is the basis for this self-assessment. For more information regarding the scientific background and the literature used to create the SOC-CMM self-assessment tool, please refer to the thesis document as available through: https://www.soc-cmm.com/

SOC-CMM

View details

Ready to manage these frameworks?

6clicks maps regulations to controls, evidence and risks — automatically.

Book your strategy call