PKI Maturity Model
This repository is part of the PKI Consortium PKI Maturity Model working group.
You can find more information about the working group and its goal in the PKI Maturity Model Working Group Charter.
Applicability
The PKI Maturity Model is intended for all entities that operate a public key infrastructure, regardless of size, industry, or use case.
Whether an entity follows this model is at the discretion of the entity. The model is not mandatory and does not impose any requirements on the entity.
Goal
Our goal is to build a PKI maturity model that will be recognized around the globe as a standard for evaluation, planning, and comparison between different PKI implementations. It can also serve as a basis for additional services connected with the model, such as PKI maturity assessment, or the definition of implementation and action plans for PKI environments.
The PKI maturity model and assessment methodology will be used as an entry point for anyone evaluating a PKI environment, either on their own or through an independent third party.
Adoption of the PKI maturity model must be very easy. The model must therefore be clear and understandable across different PKI environments, use cases, and industries, and it must be open and available for anyone to use. The assessment methodology will be developed to support both on-site and automated assessment.
Model
The PKI Maturity Model defines 5 levels of PKI maturity based on different indicators and their associated risks.
Categories
The maturity model consists of several categories that cover the aspects and activities related to the PKI (people, process, technology). The overall maturity level is determined from the maturity of the individual categories.
See the full list of Categories.
Assessment methodology
The assessment methodology should provide a consistent and convenient approach to assessing the maturity level of any PKI, based on a predefined set of deterministic questions.
The methodology defines a self-assessment questionnaire and a reporting template so that PKI assessment results are comparable between companies of the same size or in the same industry.
Reporting
Reporting tools are defined to provide consistent results across different PKI implementations.