Zero-Trust Security Model · Example Payload

Zero Trust Security Model Maturity Example

Access Control, Cybersecurity, Federal, Identity Management, Network Security, NIST, Security, Security Framework, Zero Trust

Zero Trust Security Model Maturity Example is an example object payload from Zero-Trust Security Model, with 6 top-level fields. It illustrates the shape of data this provider's APIs accept or return.

Top-level fields

organization, framework, assessed_at, assessor, overall_level, pillars

Example Payload

zero-trust-security-model-maturity-example.json
{
  "organization": "Example Federal Civilian Agency",
  "framework": "CISA-ZTMM-v2",
  "assessed_at": "2026-04-30",
  "assessor": "Zero Trust Program Office",
  "overall_level": "initial",
  "pillars": [
    {
      "pillar": "Identity",
      "level": "advanced",
      "evidence": [
        "Single SAML/OIDC IdP enforced for all interactive logins",
        "Phishing-resistant MFA (FIDO2) deployed to 95% of workforce",
        "Risk-based conditional access policies in production"
      ],
      "gaps": [
        "Service account inventory incomplete",
        "Workload identity (SPIFFE) not yet adopted"
      ]
    },
    {
      "pillar": "Devices",
      "level": "initial",
      "evidence": [
        "EDR deployed on managed endpoints",
        "MDM enrollment required for mobile"
      ],
      "gaps": [
        "Continuous device-posture signals not fed into policy decisions",
        "Unmanaged BYOD has flat network access"
      ]
    },
    {
      "pillar": "Networks",
      "level": "initial",
      "evidence": [
        "Inline TLS inspection at primary egress",
        "Initial microsegmentation in production VPC"
      ],
      "gaps": [
        "Legacy site-to-site VPN still in use for contractors",
        "East-west traffic mostly unsegmented"
      ]
    },
    {
      "pillar": "Applications and Workloads",
      "level": "initial",
      "evidence": [
        "Public web apps fronted by ZTNA broker"
      ],
      "gaps": [
        "Internal microservices rely on network position rather than identity",
        "No SBOM management"
      ]
    },
    {
      "pillar": "Data",
      "level": "traditional",
      "evidence": [
        "DLP on email gateways"
      ],
      "gaps": [
        "Data classification not enforced",
        "No data-centric encryption with key brokering"
      ]
    },
    {
      "pillar": "Visibility and Analytics",
      "level": "initial",
      "evidence": [
        "Centralized SIEM with EDR, IdP, and gateway logs"
      ],
      "gaps": [
        "UEBA not in place",
        "Alert fatigue - low automation"
      ]
    },
    {
      "pillar": "Automation and Orchestration",
      "level": "traditional",
      "evidence": [
        "Provisioning via SCIM"
      ],
      "gaps": [
        "No SOAR playbooks for ZT signal-driven response"
      ]
    },
    {
      "pillar": "Governance",
      "level": "initial",
      "evidence": [
        "Annual access recertification"
      ],
      "gaps": [
        "Zero Trust roadmap not yet board-approved",
        "Funding fragmented across IT and security"
      ]
    }
  ]
}