Skip to main content
Image coming soon

CISA Zero Trust Maturity Model Evidence & Implementation Kit

$249.00
Adding to cart… The item has been added
CISA Zero Trust Maturity Model · ZTMM v2.0 · Evidence & Implementation Kit
Advance your Zero Trust maturity to the CISA model, without turning the pillars into controls yourself.
Every part of the CISA Zero Trust Maturity Model handed to you as an adopt-ready control, across the five pillars and three cross-cutting capabilities and the four maturity stages, with the evidence an assessor examines.
Zero-Trust-mature in a weekend, not a quarter.

Here is the honest situation. Federal agencies and their partners are measured against the CISA Zero Trust Maturity Model: five pillars, Identity, Devices, Networks, Applications and Workloads, and Data, plus three cross-cutting capabilities, Visibility and Analytics, Automation and Orchestration, and Governance, each progressing from Traditional through Initial and Advanced to Optimal. Knowing where you sit and advancing each pillar, with the evidence, is real work, and a pillar stuck at Traditional while you claim Zero Trust is exactly where the maturity stalls.

This Kit removes that translation. It is every part of the CISA ZTMM written as an adopt-ready control you personalize in a weekend, with the evidence an assessor examines.

What you get, the moment you buy

34
The pillars as adopt-ready controls. Every ZTMM pillar and cross-cutting capability, across the four maturity stages, written so you personalize and advance it. Phishing-resistant MFA and micro-segmentation are built in.
34
Evidence-they-examine checklists. For each control, exactly what an assessor examines, plus where zero trust maturity stalls, so you advance the stage.
1
Zero Trust Maturity Matrix, pre-built. Every control in a working spreadsheet, ready to record maturity stage, status and evidence location across the pillars.
1
Gap & Maturity Assessment. Score each control and the workbook returns your Zero Trust maturity as a single percentage, and exactly what to advance next.

Grounded in the CISA Zero Trust Maturity Model v2.0, with the five pillars, the three cross-cutting capabilities and the four maturity stages (Traditional, Initial, Advanced, Optimal) called out. Editable Word and Excel files.

Maturity is per pillar, not a single score
Zero Trust is not on or off, it advances pillar by pillar from Traditional to Optimal. This Kit shows the stage for each control across all five pillars and three cross-cutting capabilities, so you see exactly which pillars lag and what advancing each stage takes.

What one control looks like

This is the Identity pillar authentication, moving to phishing-resistant MFA. All 34 are built to this depth.

ZTMM-1 Phishing-resistant multifactor authentication IDENTITY
Implement this control

[Agency] shall authenticate all users with phishing-resistant multifactor authentication, progressing from passwords or simple MFA at the Traditional stage toward phishing-resistant MFA such as FIDO2, WebAuthn, or PIV that is enforced for every enterprise account at the Optimal stage, with passwordless flows preferred wherever the identity provider supports them.

Maturity note.

ZTMM v2.0 Identity pillar, Authentication function. Phishing-resistant MFA is the defining Advanced-to-Optimal signal.

Evidence an assessor examines
  • Identity provider configuration showing phishing-resistant MFA enforcement policy
  • Inventory of accounts by authentication method mapped to maturity stage
  • PIV or FIDO2 authenticator issuance and enrollment records
  • Exception register for accounts not yet on phishing-resistant MFA with remediation dates
Common finding they raise: Legacy applications and service accounts often remain on passwords or push-based MFA that resists phishing poorly.

Why this is not another template pack

  • The evidence is the point. Maturity you cannot evidence is a claim. This tells you what an assessor examines and where maturity stalls, for every pillar.
  • Pillars and stages built in. The five pillars, the three cross-cutting capabilities and the four maturity stages are written into the controls, so you measure and advance the way CISA intends.
  • Built on a mapped compliance corpus, not one person's opinion, from a graph of thousands of controls across standards.
  • It compounds. The ZTMM aligns with NIST 800-207 Zero Trust and the federal Zero Trust mandates, so this feeds your wider security program.

Who buys this

Federal agencies and the partners and vendors serving them, the security leads who own Zero Trust maturity, and consultants running a program. Whether it is a first assessment or a maturity uplift, you save weeks and walk in with the pillars and evidence structured.

By the end of the weekend you will have
✓  An adopt-ready control for all 34 items
✓  A completed Zero Trust maturity matrix
✓  The evidence an assessor examines
✓  Your pillar maturity stages defined
✓  A maturity percentage and an advancement plan
✓  The lagging pillars identified

Common questions

Is it really editable? Yes. Word and Excel files you own and adapt. No portal, no subscription.

What are the five pillars? Identity, Devices, Networks, Applications and Workloads, and Data, plus three cross-cutting capabilities. Each is built as controls.

What are the maturity stages? Traditional, Initial, Advanced and Optimal. The Kit shows the stage for each control so you can advance.

How does it relate to NIST 800-207? The ZTMM operationalizes the NIST 800-207 Zero Trust principles into a maturity model. The controls carry across.

What if it is not for me? A 30-day money-back guarantee.

Do not claim Zero Trust with pillars stuck at Traditional.
Every ZTMM control is fast to adopt with the Kit. It is instant, and it is guaranteed.
Add it to your cart and advance your maturity this weekend.

Instant digital download · 30-day money-back guarantee · The Art of Service Pty Ltd, GPO Box 2673, Brisbane QLD 4001 · support@theartofservice.com