Reporting
The PKI maturity assessment report plays a crucial role in achieving consistent results and comparable outputs.
The ability to report maturity levels and progress is also very important for continuous improvement and for tracking PKI maturity over time.
The following standardized assessment reports are defined:
Self-assessment report
Self-assessment provides a quick estimation of the maturity level of the PKI environment. The self-assessment report is intended to be used by the organization or individual to get a quick overview of the maturity level of the PKI environment.
The self-assessment report should contain the following information:
- Date of the assessment
- Reference to the PKI maturity model and its version
- Overview of maturity level for each category and module
- Overall maturity level with the description of the achieved level
Assessment report
The purpose of this report is to provide enough information in a presentable format for management, in order to support the PKI strategy and improvement.
The assessment report should contain the following information:
- Date of the assessment and period of the assessment
- Identification of the assessor (internal / external)
- Reference to the PKI maturity model and its version
- Overview of the assessed PKI use case and scope
- Overall maturity level with the description of the achieved level
- Chart with the maturity levels in each module and category
- Recommendation to move to the next maturity level (if applicable)
Detailed report
The purpose of the detailed report is to have all the information regarding the assessment and maturity model in one place. The end users of the detailed report are the internal people managing the PKI who would like to track progress and identify areas for improvement.
The detailed assessment report should contain the following:
- Date of the assessment and period of the assessment
- Identification of the assessor (internal / external)
- Reference to the PKI maturity model and its version
- Description of the assessed PKI use case
- Scoping and sampling information
- Overall rating of the assessment with a description of the achieved maturity level
- Detailed report on each category and its maturity level, together with the requirements assessment results and evidence
- Chart with the maturity of modules and categories
- Comparison of the current results with the previous assessment (if applicable)
- Action plans to achieve the next level (if applicable)
Attestation report
This is a short report that can be presented to customers and relying parties to prove the compliance and maturity level of the PKI implementation.
The attestation should contain:
- Overall maturity level achieved
- Date of the assessment
- Identification of the assessor (internal / external)
- Reference to the PKI maturity model and its version