Thank you for completing the hardened network self-assessment. Your network security maturity score is
Capability now operates within defined thresholds, which are aligned to the needs of the business, and is continuously monitored and improved through quantitative techniques.
Using process metrics, management can effectively control processes.
organization’s
current status
Capability is either not implemented or does not achieve its purpose.
Processes are nonexistent. Nothing has been done or planned.
Capability has been implemented in an undefined way, with little to no integration, automation, measurement, or assurance.
Processes at this level are usually undocumented, dynamic, and driven in an ad hoc, uncontrolled, and reactive manner.
Capability is either not implemented or does not achieve its purpose.
Processes are nonexistent. Nothing has been done or planned.
Capability has been defined (planned, monitored and adjusted) across the organization (inclusive of third parties) and is supported by responsibilities and formal, mandated procedures. Compliance is monitored, and actions are taken to rectify noncompliance.
A full set of defined and documented processes exists and is subject to some degree of improvement over time.
Capability now operates within defined thresholds, which are aligned to the needs of the business, and is continuously monitored and improved through quantitative techniques.
Using process metrics, management can effectively control processes.
Capability and supporting processes are aligned with best practices and subject to continuous improvement. Results are concerned with predictability and control variation.
The focus is on continually improving processes and performance through incremental, innovative technological changes and improvements.
Capability is either not implemented or does not achieve its purpose.
Processes are nonexistent. Nothing has been done or planned.
Capability has been implemented in an undefined way, with little to no integration, automation, measurement, or assurance.
Processes at this level are usually undocumented, dynamic, and driven in an ad hoc, uncontrolled, and reactive manner.
Capability is either not implemented or does not achieve its purpose.
Processes are nonexistent. Nothing has been done or planned.
Capability has been defined (planned, monitored and adjusted) across the organization (inclusive of third parties) and is supported by responsibilities and formal, mandated procedures. Compliance is monitored, and actions are taken to rectify noncompliance.
A full set of defined and documented processes exists and is subject to some degree of improvement over time.
Capability now operates within defined thresholds, which are aligned to the needs of the business, and is continuously monitored and improved through quantitative techniques.
Using process metrics, management can effectively control processes.
Capability and supporting processes are aligned with best practices and subject to continuous improvement. Results are concerned with predictability and control variation.
The focus is on continually improving processes and performance through incremental, innovative technological changes and improvements.