The long-awaited second version of the Cybersecurity and Infrastructure Security Agency’s (CISA) Zero Trust Maturity Model (ZTMM) is here after more than a year of public comments and agency responses.

The latest model points federal agencies, and all organizations that work with them, toward a Zero Trust security architecture. The White House laid the groundwork for zero trust in May 2021 with Executive Order (EO) 14028, “Improving the Nation’s Cybersecurity,” which led to OMB’s January 2022 Memorandum M-22-09, “Moving the U.S. Government Toward Zero Trust Cybersecurity Principles.” The target date for federal agencies to reach specific Zero Trust goals, including requiring phishing-resistant MFA, is the end of FY2024. 

Identity is one of the key pillars in the ZTMM, and the government categorizes identity through four stages of maturity including Traditional, Initial, Advanced and Optimal. Authentication is front and center in this memo, and CISA offered additional details on specific authentication requirements for each of the four phases:

Traditional: Agency authenticates identity using either passwords or MFA with static access for entity identity.

Initial: Agency authenticates identity using MFA, which may include passwords as one factor and requires validation of multiple entity attributes.

Advanced: Agency begins to authenticate all identity using phishing-resistant MFA and attributes, including initial implementation of passwordless MFA via FIDO2 or PIV.

Optimal: Agency continuously validates identity with phishing-resistant MFA, not just when access is initially granted.

With the critical need to take a more secure approach to cybersecurity health, Yubico encourages every agency to move quickly toward the advanced and optimal stages where SMS one-time passcodes and push-based applications become a thing of the past. It’s an exciting time for security, because we now have official recognition from the government that not all MFA is created equal — phishing-resistant features are key to fully protecting federal agencies, and that’s now in print.

What are the barriers to Zero Trust adoption? 

ZTMM contains some interesting acknowledgments that the road to Zero Trust will have a few bumps. Among the road to Zero Trust adoption, the memo cited: 

Legacy systems rely on “implicit trust,” meaning access and authorization are infrequently assessed and based on fixed attributes. That principle doesn’t align with zero trust’s core assumption of adaptive evaluation. 

Buy-in is required agency-wide, but especially from senior leadership. The memo is honest about the transition needing a collective effort to “transition stove-piped and siloed IT services and staff to coordinated and collaborative components of a zero trust strategy.” 

Agencies are beginning their journeys to Zero Trust from different starting points. Some agencies may be further along or better positioned to make these advancements than others. 

Regardless of this, the second version of the ZTMM is a signal to agencies that there is no U-turn possible on the transition to zero trust — it’s full steam ahead, and agencies will need to get on board if they haven’t already. 


Read more about Zero Trust architectures in our white paper, “Accelerate your Zero Trust strategy with phishing-resistant MFA.”

The post CISA’s second version of its Zero Trust Maturity Model gives MFA a big push appeared first on Yubico.


VaultumCity is the best trusted place to select and buy your best Yubikeys, Vaultumcity free ship all yubikeys, Vaultumcity is reseller distributor of yubikeys so you can find cheapest best yubikey in Vaultumcity. If you are looking for best Yubikeys in Singapore at VaultumCity website online store.

The shop that sells yubikeys is

Our delivers are from Singapore, distribute globally. Buying Yubikey in Vaultum to have best customer and after sales services. All Yubikeys sold at Vaultumcity are quality guaranteed. Please place a large amount order to have great discount for reseller. Contact Vaultumcity at whenever you have any issue with your yubikeys. Buying yubikeys at Vaultumcity to have best newest yubikeys free shipped to your door, FIDO2 U2F SECURITY KEY C NFC, FIDO2 U2F SECURITY KEY NFC, YubiKey 5 Nano, YUBIKEY 5 NFC, YubiKey 5C, YubiKey 5C nano, YubiKey 5C NFC, YUBIKEY 5Ci, YubiKey Bio – FIDO Edition. Yubikeys are best most secure tools for two-factor authentication. You can also buy yubikeys form Malaysia, Yubikey Malaysia is being sold at Vaultumcity with great price and free ship, you have it fastest, just in few days because we’re here in Singapore.

If you are looking for yubikeys in Indonesia, Vaultumcity is a great place to buy yubikey Indonesia, you can have yubikeys to protect your logins in just few days. Vaultumcity ship your yubikeys to your home in Thailand, to help ensure your data is safe and secured.

What about South Korea, Vaultumcity bring your yubikeys to your home in South Korea free-shipped.

Vaultumcity also delivers yubikeys to Japan, any province or city to your hands. Check out and grab your best suited yubikey today at VaultumCity.