Overall Maturity
2.0 / 5.0

based on practice scores

Controls Conformance
100%

fully compliant

Top Risk Area
GOVERN

2.0 Gap to target

Assessment Progress
24/24

controls assessed

Maturity Overview
Current vs. Target maturity scores across NIST CSF 2.0 Functions.
Gap Analysis
Difference between current and target scores.
Maturity Scores by Function
Detailed breakdown of Policy, Practice, and Target scores.
FunctionPolicy ScorePractice ScoreTarget ScoreGap
GOVERN1.72.04.0
2.0
Maturity Level Descriptions
Reference for Policy and Practice maturity levels.
Maturity LevelExpectation of Policy Maturity LevelExpectation of Practice Maturity Level
1 - InitialPolicy or standard does not exist or is not formally approved by management.Standard process does not exist.
2 - RepeatablePolicy or standard exists, but has not been reviewed in more than 2 yearsAd-hoc process exists and is done informally.
3 - DefinedPolicy and standard exists with formal management approval. Policy exceptions are documented, approved and occur less than 5% of the time.Formal process exists and is documented. Evidence can be provided for most activities. Less than 10% exceptions.
4 - ManagedPolicy and standard exists with formal management approval. Policy exceptions are documented, approved and occur less than 3% of the time.Formal process exists and is documented. Evidence can be provided for all activities and detailed metrics of the process are captured and reported. Minimal target for metrics has been established. Less than 5% of process exceptions occur with minimal reoccuring exceptions.
5 - OptimizingPolicy and standard exists with formal management approval. Policy exceptions are documented, approved and occur less than 0.5% of the time.Formal process exists and is doucmented. Evidence can be provided for all activities and detailed metrics of the process are captured and reported.  Minimal target for metrics has been established and continually improving. Less than 1% of process exceptions occur.