Skip to main content

Zero Trust Maturity

Organizations can use maturity models to help them in their zero trust journey. Maturity models help organizations assess their current security posture, and provide guidance on how they can evolve towards realizing an optimal zero trust architecture. For ease of use, most models break down into domains, like identity or data, and assess each area across a gradient from beginning to ideal. Both governmental agencies and businesses publish maturity models. Many of these models include self-assessment questionnaires, which can be a useful tool for establishing your zero trust baseline.


CISA's Zero Trust Maturity Model is a roadmap for federal civilian agencies to reference as they begin to adopt zero trust for their information security. However, CISA's model has been widely referenced by organizations outside of the public space. ModernCyber has a page dedicated to CISA.


Microsoft's Zero Trust Maturity Model closely aligns to CISA's maturity model. Microsoft includes a useful self-assessment tool.


Cisco assesses an organization's maturity in six areas: user and identity, device, networks, workload, data, and security operations. Their self-assessment tool can be found here.

Palo Alto Networks

Palo Alto Network's Zero Trust Maturity Model is a five-step methodology for an organization's zero trust journey. Each step is benchmarked along five stages, from initial to optimized.


Illumio's zero trust assessment lets users see how they compare against other organizations.


Okta is a company that focuses on identity and access management solutions. They offer a zero trust assessment tool that focuses on identity and access management security.


Jumpcloud is a cloud-based directory service. They identify four stages in zero trust maturity, beginning with 'fragmented identity' and moving ultimately to 'adaptive authentication.' They have a self-assessment tool for users.


Fortra's assessment of your zero trust status.


CloudDirect's maturity assessment is a checklist.