Zero Trust Readiness Assessment Calculator
Evaluate your organization's Zero Trust security posture across the five core pillars (Identity, Devices, Network, Applications, and Data) plus the cross-cutting Visibility & Analytics capability. Each is scored 1–5 and weighted to produce an overall readiness score.
Formula
Step 1 – Normalize percentage inputs to 1–5 scale:
Score = 1 + (Percentage / 100) × 4
Applies to: MFA Coverage, MDM Coverage, ZTNA Coverage, Data Classification Coverage. The remaining sub-components enter Step 2 as 1–5 ratings.
Step 2 – Pillar Scores (average of sub-components):
Identity Score = (MFA_score + IAM + PAM) / 3
Device Score = (MDM_score + EDR + Compliance) / 3
Network Score = (Micro-seg + ZTNA_score + Inspection) / 3
Application Score = (AppSec + API + DevSecOps) / 3
Data Score = (Classify_score + DLP + Encryption) / 3
Visibility Score = (SIEM + UEBA) / 2
Step 3 – Weighted Overall Score (1–5 scale):
Overall = Identity×0.25 + Device×0.20 + Network×0.20 + Application×0.15 + Data×0.15 + Visibility×0.05
Step 4 – Convert to 0–100% Readiness Score:
Readiness (%) = ((Overall − 1) / 4) × 100
Maturity Levels: 0–20% = Level 1 (Traditional) | 20–40% = Level 2 (Advanced) | 40–60% = Level 3 (Optimal) | 60–80% = Level 4 (Advanced Optimal) | 80–100% = Level 5 (Optimizing)
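Steps 1–4 and the maturity lookup as one function, as an added example that is not the calculator's own code. The input key names (such as `mfa_pct`), the sample organization, and the choice to place a score that lands exactly on a band boundary in the higher level are assumptions made for this example.

```python
# Added example: implements Steps 1-4 above. Key names and SAMPLE are constructed.
WEIGHTS = {"identity": 0.25, "device": 0.20, "network": 0.20,
           "application": 0.15, "data": 0.15, "visibility": 0.05}
# Sub-components per pillar; names ending in "_pct" are percentage inputs (Step 1).
PILLARS = {
    "identity": ("mfa_pct", "iam", "pam"),
    "device": ("mdm_pct", "edr", "compliance"),
    "network": ("microseg", "ztna_pct", "inspection"),
    "application": ("appsec", "api", "devsecops"),
    "data": ("classify_pct", "dlp", "encryption"),
    "visibility": ("siem", "ueba"),
}
LEVELS = ((20, "Level 1 (Traditional)"), (40, "Level 2 (Advanced)"),
          (60, "Level 3 (Optimal)"), (80, "Level 4 (Advanced Optimal)"),
          (100, "Level 5 (Optimizing)"))

def normalize(name, value):
    """Step 1: map a 0-100 percentage to 1-5; range-check direct 1-5 ratings."""
    if name.endswith("_pct"):
        if not 0 <= value <= 100:
            raise ValueError(f"{name}: percentage must be 0-100, got {value}")
        return 1 + (value / 100) * 4
    if not 1 <= value <= 5:
        raise ValueError(f"{name}: rating must be 1-5, got {value}")
    return float(value)

def assess(inputs):
    """Steps 2-4: pillar averages, weighted overall, readiness %, maturity level."""
    missing = [n for subs in PILLARS.values() for n in subs if n not in inputs]
    if missing:
        raise ValueError(f"missing inputs: {missing}")
    pillars = {p: sum(normalize(n, inputs[n]) for n in subs) / len(subs)
               for p, subs in PILLARS.items()}
    overall = sum(pillars[p] * w for p, w in WEIGHTS.items())
    readiness = (overall - 1) / 4 * 100
    # Assumption: a score exactly on a boundary (e.g. 20%) falls in the higher level.
    level = next((lbl for upper, lbl in LEVELS if readiness < upper), LEVELS[-1][1])
    return {"pillars": pillars, "overall": overall,
            "readiness": readiness, "level": level}

# Constructed sample organization: strong identity, weak data protection.
SAMPLE = {"mfa_pct": 90, "iam": 4, "pam": 3, "mdm_pct": 75, "edr": 4,
          "compliance": 3, "microseg": 2, "ztna_pct": 50, "inspection": 3,
          "appsec": 3, "api": 2, "devsecops": 3, "classify_pct": 25,
          "dlp": 2, "encryption": 4, "siem": 4, "ueba": 2}

if __name__ == "__main__":
    result = assess(SAMPLE)
    print(f"{result['readiness']:.1f}% -> {result['level']}")
```

Comparing the `pillars` values in the result shows which pillar pulls the weighted score down; in the sample, Network, Application, and Data all average below 3 while Identity is close to 4.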
Assumptions & References
- Pillar weights are informed by NIST SP 800-207 (Zero Trust Architecture) and the CISA Zero Trust Maturity Model v2.0 (2023), which emphasize Identity as the primary control plane (25% weight).
- Network and Device pillars share equal weight (20% each) reflecting their foundational role in ZT enforcement.
- Application and Data pillars (15% each) represent critical but often later-stage ZT implementations.
- Visibility & Analytics (5%) is a cross-cutting capability; its lower weight reflects that it amplifies other pillars rather than standing alone.
- The 1–5 maturity scale aligns with the CISA ZT Maturity Model stages: Traditional → Initial → Advanced → Optimal → Optimizing.
- Percentage-to-score normalization uses a linear mapping: 0% → 1, 100% → 5, consistent with coverage-based scoring in the Forrester Zero Trust eXtended (ZTX) Framework.
- Sub-component averaging assumes equal importance within each pillar; organizations may adjust weights based on their specific threat model.
- References: NIST SP 800-207 (2020), CISA ZT Maturity Model v2.0 (2023), Forrester ZTX Framework, DoD Zero Trust Strategy (2022).