CybersecurityGuidelineIn 6clicks App

CISA ZTMM V2 — CISA Zero Trust Maturity Model V2

The CISA Zero Trust Maturity Model V2 provides a structured roadmap for organizations implementing a zero trust architecture. It outlines five key pillars and associated maturity levels to guide strategies and execution.

Talk to a GRC Expert View source ↗

The CISA Zero Trust Maturity Model V2 is a guidance framework designed to help organizations develop and implement zero trust strategies. The model features five pillars—Identity, Device, Network, Application Workload, and Data—and incorporates three cross-cutting capabilities: Visibility and Analytics, Automation and Orchestration, and Governance. Each pillar includes maturity examples ranging from traditional setups to advanced zero trust architectures. Released by the US Department of Homeland Security, it is considered a foundational document for building robust zero trust capabilities within organizations. The model emphasizes iterative improvement and provides actionable insights at different stages of maturity.

#zero trust#cybersecurity#guidance#identity management#network security

Related in Cybersecurity

CybersecurityGuidelineIn 6clicks App

Guidelines on ICT and Security Risk Management

The EBA Guidelines establish requirements for credit institutions, investment firms, and payment service providers on mitigating and managing information and communication technology (ICT) risks. They aim to ensure a consistent and robust approach to ICT and security risk management across the EU financial sector.

Issuer: European Banking Authority (EBA)
Jurisdiction: European Union
Version: 2025 update
Updated: Jul 2025

View detailsict risk · security management

CybersecurityFrameworkIn 6clicks App

C2M2 — Cybersecurity Capability Maturity Model

The Cybersecurity Capability Maturity Model (C2M2) is a tool developed by the U.S. Department of Energy to help organizations evaluate and enhance their cybersecurity capabilities. It focuses on both IT and OT environments, offering a structured framework of over 350 practices organized into 10 domains.

Issuer: U.S. Department of Energy
Jurisdiction: United States
Version: 2.1
Updated: Jun 2022

View detailscybersecurity · maturity model

CybersecurityControl setIn 6clicks App

ECC 2-2024 — Essential Cybersecurity Controls

The Essential Cybersecurity Controls (ECC 2-2024) aim to enhance cybersecurity at the national level in Saudi Arabia. They provide policies and controls to protect the information and technological assets of national entities.

Issuer: National Cybersecurity Authority
Jurisdiction: Kingdom of Saudi Arabia
Version: 2-2024
Updated: Apr 2026

View detailscybersecurity · controls