Zero Trust Maturity
Domain self-assessment (identity, network, data, ops) with gaps and weekly actions.
Identity
MFA required for users and admins
Passwordless / phishing-resistant for critical roles
Automated joiner–mover–leaver with reviews
PAM / JIT for administrative privilege
Inventory and rotation of non-human identities
Devices
Trusted inventory of endpoints and servers
Device posture required for sensitive access
Network
Segmentation / microsegmentation beyond perimeter
Remote access via ZTNA (not flat VPN)
Applications
Central SSO for business apps
Fine-grained authorization (RBAC/ABAC) reviewed
Data
Sensitive data classification applied
Encryption in transit and at rest for critical assets
Ops & detection
Centralized auth, admin, and sensitive-data logs
Identity / privilege anomaly detection
Identity incident response playbooks tested
—
By domain
Biggest gaps (prioritize this week)
3 actions this week
Qualitative self-assessment — not a formal audit. Zero Trust is maturity, not a product.