The goal of the CSMA is to provide a view of your current security posture, an objective review of existing plans, and a guide
to strategic planning. The CSMA will also help your organization develop tactical and strategic directions to further mature and
strengthen your security program efforts. Not to be forgotten, aligning your security program with the best practices outlined
in the assessment better positions your program to meet (and exceed) industry compliance standards

HOW IT WORKS

The Cyber Security Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications,
and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for
each control area, as well as the organizational effectiveness and maturity of internal policies and procedures.

The Cyber Security Maturity Assessment focuses on specific controls that protect critical assets, infrastructure, applications,
and data by assessing your organization’s defensive posture. The assessment also emphasizes operational best practices for
each control area, as well as the organizational effectiveness and maturity of internal policies and procedures.

The CSMA assesses compliance with several industry requirements, as well as the following control sets and frameworks:

• Center for Internet Security Top 20 Common Security Controls (CSC20)
• NIST Cybersecurity Framework (NIST CSF)
• NIST Special Publication 800-53 (NIST 800-53)
• NIST Special Publication 800-171 (NIST 800-171)
• Department of Energy Cybersecurity Capability Maturity Model (DOE-C2M2)
• ISO/IEC 27001:2013 (ISO 27001)

Each of these control frameworks map to one another and are designed to provide a structure with which a security program
can measure its maturity and effectiveness—now and for the future

The Capability Maturity Model