- Home
- Skills
- Williamzujkowski
- Cognitive Toolworks
- Security Zerotrust Assessor
security-zerotrust-assessor_skill
- Python
5
GitHub Stars
2
Bundled Files
2 months ago
Catalog Refreshed
4 months ago
First Indexed
Readme & install
Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.
Installation
Preview and clipboard use veilstrat where the catalogue uses aiagentskills.
npx veilstrat add skill williamzujkowski/cognitive-toolworks --skill security-zerotrust-assessor- CHANGELOG.md968 B
- SKILL.md8.0 KB
Overview
This skill evaluates an organization's zero-trust maturity against the CISA Zero Trust Maturity Model (ZTMM) 2.0, focusing on identity, device, network, application, and data pillars. It produces a pillar-by-pillar maturity assessment, prioritized gaps, and a phased roadmap to reach a specified target maturity level.
How this skill works
The assessor maps observed controls and capabilities to CISA ZTMM maturity tiers (traditional, initial, advanced, optimal) for each pillar and flags critical gaps that lower overall scoring. It then prioritizes initiatives by impact and effort and produces 90-day, 180-day, and 1-year milestones aligned to CISA ZTMM and NIST SP 800-207 guidance.
When to use it
- Performing a baseline zero-trust maturity assessment for planning or compliance
- Preparing a migration plan from perimeter-based to zero-trust architecture
- Evaluating vendor or third-party zero-trust readiness questionnaires
- Modernizing security architecture and prioritizing investments
- Validating progress toward a target maturity (initial, advanced, optimal)
Best practices
- Provide an organization identifier and as much pillar-specific evidence as possible to reduce ambiguity
- Select specific pillars when you need focused assessments; default covers all five pillars
- Use the assessment output to drive measurable milestones (90/180/365 days)
- Treat any critical gap as a blocker for a higher maturity tier—avoid partial-credit assumptions
- Combine this assessment with implementation-focused teams or tools to execute the roadmap
Example use cases
- Quick CISA-aligned maturity snapshot for executive decision-making
- Roadmap generation for a 12-month zero-trust modernization program
- Gap analysis to support budget requests for identity and device improvements
- Third-party readiness check before onboarding a managed service provider
- Pre-audit assessment to prepare for CISA or federal zero-trust strategy compliance
FAQ
No. The skill provides assessment, prioritized initiatives, and a roadmap. Implementation requires operational teams or implementation tools.
What inputs are required to run a reliable assessment?
A non-empty organization identifier and either pillar-specific evidence or a selection of pillars. If pillars are omitted, the skill defaults to assessing all five pillars.