M-24-14 requirements for HVA and High Systems to assess their Zero Trust maturity

[MichaelSides]

OMB M-24-14, Administration Cybersecurity Priorities for the FY 2026 Budget directs Federal agencies to align each High Value Asset (HVA) system to the CISA Zero Trust Maturity Model - identifying current progress and expected progress by the end of FY26. To facilitate the OMB response, we ask you to complete this short GSA Zero Trust Maturity Datacall by 10/15/24.

In determining your current and FY26 maturity projection, please reference the CISA Zero Trust Maturity Model (ZTMM) in the linked template and provided below. Review the descriptions associated with each maturity level and select the maturity level that best fits your current status and FY26 target status. For FY26 targets, please provide details of your plans to increase maturity, including by ZTMM pillar.

For each system, complete Columns B through N to select a current Zero Trust maturity level and a target FY 26 Zero Trust Maturity Level for each of the 5 Zero Trust Pillars and includes a narrative of the update. Detailed instructions are in Cell A1.

PLEASE NOTE: GSA IS will hold two Office Hour sessions to answer any questions, be scheduled for 9/23/24 and 10/9/24; calendar holds will go out along with this email.

If you have any questions, please reach out to ociso-datacalls@gsa.gov. We will respond promptly.

[MichaelSides]

10/4/24: Discussed task with TTS ISSM/Sergio. Sent follow up to Login.gov team and will discuss with them further week of 10/7. Office Hours on 10/9 to obtain more details about task and the apparent extension of the deadline.

[MichaelSides]

Notification sent to LaKeisha, task is complete:

Even though this tasking was extended out to 10/22, it is complete for TTS:

1. SAM.gov worked directly with Will Salamon/ISI to map out the info and responses
2. Login.gov initially populated the data call and then I facilitated a meeting with Will/ISI to update some of the required verbiage/narrative