ASSESSMENT COMPLETE!

Thank you for completing the hardened network self-assessment. Your network security maturity score is

2 - Repeatable

Capability is either not implemented or does not achieve its purpose.

Processes are nonexistent. Nothing has been done or planned.

organization’s

current status

level 0
Non-Existent

LEVEL 0 - Non-Existent

Capability is either not implemented or does not achieve its purpose.

Processes are nonexistent. Nothing has been done or planned.

level 1
Ad Hoc

LEVEL 1 - Ad Hoc

Capability has been implemented in an undefined way, with little to no integration, automation, measurement, or assurance.

Processes at this level are usually undocumented, dynamic, and driven in an ad hoc, uncontrolled, and reactive manner.

level 2
Repeatable

LEVEL 2 - Repeatable

Capability is either not implemented or does not achieve its purpose.

Processes are nonexistent. Nothing has been done or planned.

level 3
Defined

LEVEL 3 - Defined

Capability has been defined (planned, monitored and adjusted) across the organization (inclusive of third parties) and is supported by responsibilities and formal, mandated procedures. Compliance is monitored, and actions are taken to rectify noncompliance.

A full set of defined and documented processes exists and is subject to some degree of improvement over time.

level 4
Managed

LEVEL 4 - Managed

Capability now operates within defined thresholds, which are aligned to the needs of the business, and is continuously monitored and improved through quantitative techniques.

Using process metrics, management can effectively control processes.

level 5
Optimized

LEVEL 5 - Optimized

Capability and supporting processes are aligned with best practices and subject to continuous improvement. Results are concerned with predictability and control variation.

The focus is on continually improving processes and performance through incremental, innovative technological changes and improvements.

LEVEL 0 - Non-Existent

Capability is either not implemented or does not achieve its purpose.

Processes are nonexistent. Nothing has been done or planned.

LEVEL 1 - Ad Hoc

Capability has been implemented in an undefined way, with little to no integration, automation, measurement, or assurance.

Processes at this level are usually undocumented, dynamic, and driven in an ad hoc, uncontrolled, and reactive manner.

LEVEL 2 - Repeatable

Capability is either not implemented or does not achieve its purpose.

Processes are nonexistent. Nothing has been done or planned.

LEVEL 3 - Defined

Capability has been defined (planned, monitored and adjusted) across the organization (inclusive of third parties) and is supported by responsibilities and formal, mandated procedures. Compliance is monitored, and actions are taken to rectify noncompliance.

A full set of defined and documented processes exists and is subject to some degree of improvement over time.

LEVEL 4 - Managed

Capability now operates within defined thresholds, which are aligned to the needs of the business, and is continuously monitored and improved through quantitative techniques.

Using process metrics, management can effectively control processes.

LEVEL 5 - Optimized

Capability and supporting processes are aligned with best practices and subject to continuous improvement. Results are concerned with predictability and control variation.

The focus is on continually improving processes and performance through incremental, innovative technological changes and improvements.