Overview
- Phase One defines 36 activities supporting 30 capabilities, and Phase Two adds 41 activities enabling 34 capabilities.
- Developed with the Department of War CIO, the guidelines organize 152 activities and align with NIST SP 800-207, CISA’s Zero Trust Maturity Model v2.0, and the DoW reference architecture.
- The modular design lets organizations tailor adoption and move from Discovery toward target-level zero trust maturity.
- NSA urges teams to review the earlier Primer and Discovery guidance, and says the current materials are aimed at skilled practitioners with potential advanced phases to come.
- Practitioners emphasize behavioral analytics and in-application visibility and caution that ZTNA-only deployments overlook application policy decision and enforcement points.