Strategy and vision - PKI maturity model category

This document provides the maturity model and assessment questions for the strategy and vision category of the PKI maturity model.

It consists of the following parts:

  • Maturity model
  • Assessment questions
  • Maturity evaluation

Maturity model

| 1 - Initial | 2 - Basic | 3 - Advanced | 4 - Managed | 5 - Optimized |
| --- | --- | --- | --- | --- |
| No responsibilities; No vision; Ad-hoc implementation | Basic vision has been developed but not followed; PKI is enforced, not managed | There is a responsible sponsor of the PKI; Vision has been defined and approved but not fully implemented | Strategy and vision are followed and regularly measured | Strategy and vision are fully in line with the organizational strategy and help the business to achieve future development |

Assessment questions

  1. Is a sponsor responsible for the PKI assigned?

| Answer | Maturity score |
| --- | --- |
| Sponsor is formally assigned and responsible for the PKI management | 5 |
| Sponsor is assigned and regularly measures the PKI management metrics | 4 |
| Sponsor is assigned but the resources are assigned based on the current needs | 3 |
| No sponsor is assigned, and resources are assigned based on request for PKI management | 2 |
| No sponsor is defined | 1 |

  2. Is PKI part of the risk management process?

| Answer | Maturity score |
| --- | --- |
| PKI is regularly assessed and included in the overall risk management process | 5 |
| Assessments are measuring the risk associated with the PKI once a time | 4 |
| PKI risk management is performed according to organizational standards for all services | 3 |
| Risk management is performed on the PKI based on the project request | 2 |
| Not at all | 1 |