Strategy and vision - PKI maturity model category
The purpose of this document is to provide information on maturity model and assessment questions for the strategy and vision category of the PKI maturity model.
It consists of the following parts:
- Maturity model
- Assessment questions
- Maturity evaluation
Maturity model
| 1 - Initial | 2 - Basic | 3 - Advanced | 4 - Managed | 5 – Optimized |
|---|
| No responsibilities No vision Ad-hoc implementation | Basic vision has been developed but not followed PKI is enforced, not managed | There is a responsible sponsor of the PKI Vision has been defined and approved but not fully implemented | Strategy and vision are followed and regularly measured | Strategy and vision are fully in line with the organizational strategy and helps business to achieve future development |
Assessment questions
- Is sponsor responsible for the PKI assigned?
| Answer | Maturity score |
|---|
| Sponsor is formally assigned and responsible for the PKI management | 5 |
| Sponsor is assigned and regularly measure the PKI management metrics | 4 |
| Sponsor is assigned but the resources are assigned based on the current needs | 3 |
| No sponsor is assigned, and resources are assigned based on request for PKI management | 2 |
| No sponsor is defined | 1 |
- Is PKI part of risk management process?
| Answer | Maturity score |
|---|
| PKI is regularly assessed and included in the overall risk management process | 5 |
| Assessment are measuring the risk associated with the PKI once a time | 4 |
| PKI risk management is performed according organizational standards for all services | 3 |
| Risk management is performed on the PKI based on the project request | 2 |
| Not at all | 1 |
