Zero Trust Readiness Assessment Calculator
ANA›Life Services Authority›National Calculator Authority›Zero Trust Readiness Assessment Calculator
.calc-container { max-width: 640px; margin: 2rem 0; padding: 1.5rem; background: #fff; border: 1px solid #ddd; border-radius: 8px; box-shadow: 0 1px 3px rgba(0,0,0,0.06); font-family: system-ui, -apple-system, sans-serif; } .calc-container h3 { font-family: Georgia, serif; font-size: 1.15rem; color: #1a1a1a; margin-bottom: 1rem; padding-bottom: 0.5rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-row { display: flex; align-items: center; gap: 0.75rem; margin-bottom: 0.75rem; flex-wrap: wrap; } .calc-row label { min-width: 160px; font-size: 0.9rem; color: #333; font-weight: 500; } .calc-row input[type="number"], .calc-row select { flex: 1; min-width: 120px; max-width: 200px; padding: 0.5rem 0.6rem; border: 1px solid #ccc; border-radius: 4px; font-size: 0.9rem; font-family: system-ui, sans-serif; color: #1a1a1a; background: #fafaf8; } .calc-row input:focus, .calc-row select:focus { outline: none; border-color: var(--ac, #3d5a80); box-shadow: 0 0 0 2px rgba(26,74,138,0.12); } .calc-row .unit { font-size: 0.82rem; color: #888; min-width: 30px; } .calc-btn { display: inline-block; margin-top: 0.5rem; padding: 0.55rem 1.5rem; background: var(--ac, #3d5a80); color: #fff; border: none; border-radius: 4px; font-size: 0.9rem; font-weight: 600; cursor: pointer; font-family: system-ui, sans-serif; } .calc-btn:hover { opacity: 0.9; } .calc-result { margin-top: 1.25rem; padding: 1rem 1.25rem; background: #f0f6fc; border-left: 3px solid var(--ac, #3d5a80); border-radius: 0 6px 6px 0; display: none; } .calc-result.visible { display: block; } .calc-result-label { font-size: 0.78rem; text-transform: uppercase; letter-spacing: 0.06em; color: #666; margin-bottom: 0.25rem; } .calc-result-value { font-size: 1.6rem; font-weight: 700; color: var(--ac, #3d5a80); } .calc-result-detail { font-size: 0.85rem; color: #555; margin-top: 0.5rem; line-height: 1.5; } .calc-note { margin-top: 1rem; font-size: 0.8rem; color: #888; font-style: italic; } .calc-grid { display: grid; grid-template-columns: 1fr 1fr; gap: 0.75rem; margin-top: 0.75rem; } .calc-grid-item { padding: 0.6rem 0.8rem; background: #f8f9fa; border-radius: 4px; border: 1px solid #eee; } .calc-grid-item .label { font-size: 0.75rem; color: #888; text-transform: uppercase; letter-spacing: 0.04em; } .calc-grid-item .value { font-size: 1.1rem; font-weight: 600; color: #1a1a1a; } @media (max-width: 720px) { .calc-row { flex-direction: column; align-items: flex-start; gap: 0.3rem; } .calc-row label { min-width: auto; } .calc-row input[type="number"], .calc-row select { max-width: 100%; width: 100%; } .calc-grid { grid-template-columns: 1fr; } } .calc-chart { margin: 1rem 0; text-align: center; } .calc-chart svg { max-width: 100%; height: auto; } .calc-chart-legend { display: flex; flex-wrap: wrap; justify-content: center; gap: 0.6rem 1.2rem; margin-top: 0.6rem; font-size: 0.8rem; color: #555; } .calc-chart-legend span { display: inline-flex; align-items: center; gap: 0.3rem; } .calc-chart-legend i { display: inline-block; width: 10px; height: 10px; border-radius: 2px; font-style: normal; } .calc-related { max-width: 640px; margin: 2rem 0 1rem; padding: 1.25rem 1.5rem; background: #f8f9fa; border: 1px solid #e8e8e8; border-radius: 8px; } .calc-related h3 { font-family: Georgia, serif; font-size: 1rem; color: #1a1a1a; margin: 0 0 0.75rem; padding-bottom: 0.4rem; border-bottom: 2px solid var(--ac, #3d5a80); } .calc-related-list { list-style: none; padding: 0; margin: 0 0 0.75rem; display: grid; grid-template-columns: 1fr 1fr; gap: 0.4rem 1.5rem; } .calc-related-list li a { font-size: 0.88rem; color: var(--ac, #3d5a80); text-decoration: none; } .calc-related-list li a:hover { text-decoration: underline; } .calc-browse-all { margin: 0.5rem 0 0; font-size: 0.9rem; font-weight: 600; } .calc-browse-all a { color: var(--ac, #3d5a80); text-decoration: none; } .calc-browse-all a:hover { text-decoration: underline; } @media (max-width: 720px) { .calc-related-list { grid-template-columns: 1fr; } }
Zero Trust Readiness Assessment Calculator
Evaluate your organization's Zero Trust security posture across the five core pillars: Identity, Devices, Network, Applications, and Data. Each pillar is scored 1–5 and weighted to produce an overall readiness score.
1. Identity Pillar Covers MFA, identity governance, privileged access management, and SSO adoption.
Multi-Factor Authentication (MFA) Coverage (% of users)
Identity & Access Management Maturity (1=Ad-hoc, 5=Fully Automated)
Privileged Access Management (PAM) in Place? (1=None, 5=Full JIT/JEA)
2. Device Pillar Covers endpoint compliance, MDM/EDR coverage, and device health attestation.
MDM/UEM Enrollment Coverage (% of devices)
EDR/XDR Solution Maturity (1=None, 5=Full AI-driven response)
Device Compliance Policy Enforcement (1=None, 5=Automated block on non-compliance)
3. Network Pillar Covers micro-segmentation, ZTNA/SDP adoption, and east-west traffic inspection.
Micro-Segmentation Implementation (1=Flat network, 5=Full workload isolation)
ZTNA/SDP Replacing VPN (% of remote access)
East-West Traffic Inspection (1=None, 5=Full deep packet inspection)
4. Application Pillar Covers app-level access control, API security, and DevSecOps integration.
Application-Level Access Control (1=IP-based, 5=Continuous adaptive auth)
API Security Maturity (1=No controls, 5=Full gateway + behavioral analysis)
DevSecOps / Shift-Left Security (1=None, 5=Fully integrated SAST/DAST/SCA)
5. Data Pillar Covers data classification, DLP, and encryption at rest/in transit.
Data Classification Coverage (% of data assets classified)
Data Loss Prevention (DLP) Maturity (1=None, 5=Automated enforcement across all channels)
Encryption Coverage (1=None, 5=End-to-end encryption at rest + in transit)
6. Visibility & Analytics (Cross-Pillar) SIEM/SOAR, UEBA, and continuous monitoring capabilities.
SIEM/SOAR Maturity (1=No SIEM, 5=Fully automated SOAR playbooks)
UEBA / Behavioral Analytics (1=None, 5=ML-driven anomaly detection)
Calculate Zero Trust Readiness Score Fill in all fields and click Calculate.
function zerCalc() { // --- Read inputs --- var mfa = parseFloat(document.getElementById('zer_mfa').value); var iam = parseFloat(document.getElementById('zer_iam').value); var pam = parseFloat(document.getElementById('zer_pam').value); var mdm = parseFloat(document.getElementById('zer_mdm').value); var edr = parseFloat(document.getElementById('zer_edr').value); var compliance = parseFloat(document.getElementById('zer_compliance').value); var microseg = parseFloat(document.getElementById('zer_microseg').value); var ztna = parseFloat(document.getElementById('zer_ztna').value); var inspection = parseFloat(document.getElementById('zer_inspection').value); var appsec = parseFloat(document.getElementById('zer_appsec').value); var api = parseFloat(document.getElementById('zer_api').value); var devsecops = parseFloat(document.getElementById('zer_devsecops').value); var classify = parseFloat(document.getElementById('zer_classify').value); var dlp = parseFloat(document.getElementById('zer_dlp').value); var encrypt = parseFloat(document.getElementById('zer_encrypt').value); var siem = parseFloat(document.getElementById('zer_siem').value); var ueba = parseFloat(document.getElementById('zer_ueba').value);
// --- Validation --- var errors = []; if (isNaN(mfa) || mfa 100) errors.push("MFA Coverage must be 0–100."); if (isNaN(iam) || iam 5) errors.push("IAM Maturity must be 1–5."); if (isNaN(pam) || pam 5) errors.push("PAM must be 1–5."); if (isNaN(mdm) || mdm 100) errors.push("MDM Coverage must be 0–100."); if (isNaN(edr) || edr 5) errors.push("EDR Maturity must be 1–5."); if (isNaN(compliance) || compliance 5) errors.push("Device Compliance must be 1–5."); if (isNaN(microseg) || microseg 5) errors.push("Micro-Segmentation must be 1–5."); if (isNaN(ztna) || ztna 100) errors.push("ZTNA Coverage must be 0–100."); if (isNaN(inspection) || inspection 5) errors.push("Traffic Inspection must be 1–5."); if (isNaN(appsec) || appsec 5) errors.push("App Access Control must be 1–5."); if (isNaN(api) || api 5) errors.push("API Security must be 1–5."); if (isNaN(devsecops) || devsecops 5) errors.push("DevSecOps must be 1–5."); if (isNaN(classify) || classify 100) errors.push("Data Classification must be 0–100."); if (isNaN(dlp) || dlp 5) errors.push("DLP Maturity must be 1–5."); if (isNaN(encrypt) || encrypt 5) errors.push("Encryption must be 1–5."); if (isNaN(siem) || siem 5) errors.push("SIEM/SOAR must be 1–5."); if (isNaN(ueba) || ueba 5) errors.push("UEBA must be 1–5.");
if (errors.length > 0) { document.getElementById('zer_result').innerHTML = 'Validation Errors:' + errors.map(function(e){ return ''; }).join('') + ''; return; }
// --- Normalize percentage inputs to 1–5 scale --- // pct_to_score: 0%=1, 25%=2, 50%=3, 75%=4, 100%=5 function pctToScore(pct) { return 1 + (pct / 100) * 4; }
var mfa_score = pctToScore(mfa); var mdm_score = pctToScore(mdm); var ztna_score = pctToScore(ztna); var classify_score = pctToScore(classify);
// --- Pillar Scores (average of sub-components, scale 1–5) --- var identity_score = (mfa_score + iam + pam) / 3; var device_score = (mdm_score + edr + compliance) / 3; var network_score = (microseg + ztna_score + inspection) / 3; var app_score = (appsec + api + devsecops) / 3; var data_score = (classify_score + dlp + encrypt) / 3; var visibility_score = (siem + ueba) / 2;
// --- Pillar Weights (NIST SP 800-207 / CISA ZT Maturity Model informed) --- // Identity: 25%, Device: 20%, Network: 20%, Application: 15%, Data: 15%, Visibility: 5% var w_identity = 0.25; var w_device = 0.20; var w_network = 0.20; var w_app = 0.15; var w_data = 0.15; var w_visibility = 0.05;
// --- Weighted Overall Score (1–5 scale) --- var overall_raw = identity_score * w_identity + device_score * w_device + network_score * w_network + app_score * w_app + data_score * w_data + visibility_score * w_visibility;
// --- Convert to 0–100 percentage score --- // Formula: Score_pct = ((overall_raw - 1) / 4) * 100 var overall_pct = ((overall_raw - 1) / 4) * 100;
// --- Maturity Level Classification --- var maturity, maturity_color, maturity_desc; if (overall_pct ' + ''; }
// --- Output --- var html = '### Zero Trust Readiness Results ';
html += ''; html += '' + overall_pct.toFixed(1) + '%'; html += '' + maturity + ''; html += '' + maturity_desc + ''; html += '';
html += '#### Pillar Breakdown '; var colors = ["#3498db","#9b59b6","#e67e22","#27ae60","#e74c3c","#1abc9c"]; for (var i = 0; i '; html += '' + p.name + ''; html += ' (weight: ' + (wt100).toFixed(0) + '%)'; html += ' — ' + p.pct + '%*'; html += bar(parseFloat(p.pct), colors[i]); html += ''; }
html += ''; html += '⚠ Weakest Pillar: ' + weakest.name + ' (' + weakest.pct + '%)'; html += 'Prioritize improvements in the ' + weakest.name + ' pillar to achieve the greatest uplift in your overall Zero Trust score.'; html += '';
html += ''; html += 'Overall Weighted Score: ' + overall_raw.toFixed(3) + ' / 5.000'; html += 'Readiness Percentage: ' + overall_pct.toFixed(2) + '%'; html += 'Maturity Level: ' + maturity; html += '';
document.getElementById('zer_result').innerHTML = html; }
#### Formula
Step 1 – Normalize percentage inputs to 1–5 scale: Score = 1 + (Percentage / 100) × 4 Applies to: MFA Coverage, MDM Coverage, ZTNA Coverage, Data Classification Coverage.
Step 2 – Pillar Scores (average of sub-components): Identity Score = (MFA_score + IAM + PAM) / 3 Device Score = (MDM_score + EDR + Compliance) / 3 Network Score = (Micro-seg + ZTNA_score + Inspection) / 3 Application Score = (AppSec + API + DevSecOps) / 3 Data Score = (Classify_score + DLP + Encryption) / 3 Visibility Score = (SIEM + UEBA) / 2
Step 3 – Weighted Overall Score (1–5 scale): Overall = Identity×0.25 + Device×0.20 + Network×0.20 + Application×0.15 + Data×0.15 + Visibility×0.05
Step 4 – Convert to 0–100% Readiness Score: Readiness (%) = ((Overall − 1) / 4) × 100
Maturity Levels: 0–20% = Level 1 (Traditional) | 20–40% = Level 2 (Advanced) | 40–60% = Level 3 (Optimal) | 60–80% = Level 4 (Advanced Optimal) | 80–100% = Level 5 (Optimizing)
#### Assumptions & References
- Pillar weights are informed by NIST SP 800-207 (Zero Trust Architecture) and the CISA Zero Trust Maturity Model v2.0 (2023), which emphasize Identity as the primary control plane (25% weight).
- The 1–5 maturity scale aligns with the CISA ZT Maturity Model stages: Traditional → Initial → Advanced → Optimal → Optimizing.
- Percentage-to-score normalization uses a linear mapping: 0% → 1, 100% → 5, consistent with coverage-based scoring in Forrester Zero Trust eXtended (ZTX) Framework.
More Calculators
- D&D 5e Encounter Difficulty Calculator
- MTG Deck Probability Calculator
- D&D 5e XP & Leveling Calculator
- Water Damage Drying Time Estimator
- Mold Remediation Area Calculator
- Fire Damage Restoration Cost Estimator
Read Next
Study Time Planner ANA › Life Services Authority › National Calculator Authority › Study Time Planner .calc-container { max-width: 640px; margin:...