Skip to main content

Adding Technology Assets

Manually add security technologies like EDR or SIEM and link them to NIST subcategories.

Updated over 2 months ago

Overview

This article explains how to manually add a technology asset in Hyver — like a firewall, SIEM, or EDR. Technology assets represent security tools or controls used in your environment. Adding them helps Hyver reflect your security maturity and align with the NIST framework.

1. Open the Assets page

Click the Assets icon in the left navigation pane.

2. Add a new asset

Click Add asset at the top center of the page.

3. Select a technology type

  • In the Type dropdown, choose a security tool such as SIEM, EDR, or SAST.
    This marks the asset as a technology control and allows it to be mapped to NIST subcategories:

📌 The type you select determines how the asset will impact your maturity score.

Of course! Here’s the same content structured as a standalone article section, with a clear subtitle for visibility:

Reflecting Partial Technology Deployment in Hyver

If you're adding a technology that hasn’t been fully deployed yet, there’s a right way to reflect that in Hyver. First, add the technology asset as usual. Then, to balance its impact, create a finding that highlights the incomplete deployment and link it to the relevant NIST subcategories.

This ensures the maturity score reflects the current state — partial implementation shouldn't earn full credit. The finding will reduce the score for those subcategories until it’s resolved.

Once the deployment is complete and the finding is marked as fixed, the full positive impact of the technology will be restored.

In short:
Add the technology, but also add a finding that represents the gap — and make sure it’s tied to the right subcategories.

The full list of Technology asset types is copied here, for your convenience:

  • API Security

  • Asset Management

  • Backup and Recovery Systems

  • BAS (Breach and Attack Simulation)

  • BMS (Building Management System)

  • CASB (Cloud Access Security Broker)

  • CDR (Content Disarm and Reconstruction)

  • CNAPP (Cloud Native Application Protection Platform)

  • CRQ (Cyber Risk Quantification)

  • CSPM (Cloud Security Posture Management)

  • DAST (Dynamic Application Security Testing)

  • Data Flow Mapping Tool

  • Database Firewall

  • Database Web Application Firewall

  • Deception Tools

  • Digital Forensic Software

  • DLP (Data Loss Prevention)

  • DNS Security Tools

  • EDR or XDR (Endpoint Detection and Response)

  • EFSS (Enterprise File Sync and Share)

  • Email Security

  • Firewall

  • Firewall Analyzer

  • GRC (Governance, Risk & Compliance)

  • IDP or IAM (Identity and Access Management)

  • IDS or IPS (Intrusion Detection and Prevention System)

  • KMS (Key Management Service)

  • MDM (Mobile Device Management)

  • MDR (Managed Detection and Response)

  • NAC (Network Access Control)

  • PAM (Privileged Access Management)

  • Password Management Vault

  • Patch Management

  • Reverse Proxy

  • Safe Browsing

  • SAST (Static Application Security Testing)

  • Secure Web Gateway

  • SIEM (Security Information and Event Management)

  • SOAR System (Security Orchestration, Automation and Response) & Automated Playbooks

  • SSO (Single Sign On)

  • TIP (Threat Intelligence Platform)

  • URL Filtering

  • Vendor Management

  • VM (Vulnerability Management)

  • Vulnerability Assessment and Network Scanning

  • WAF (Web Application Firewall)

  • Zero Trust Network Access (ZTNA)

4. Enter required information

  • Tool name – Enter the name of the technology (e.g., SentinelOne, Splunk).

  • Engagement – Assign the asset to the relevant engagement.

  • Other fields (tags, importance, etc.) are optional but recommended for better organization.

5. Assign NIST subcategories

  • The primary framework is displayed first — here, NIST assignment is mandatory.

  • You can also optionally map the asset to other frameworks if relevant:

Click Create to save the asset.

6. Review maturity impact

Once created, the asset will be linked to its associated NIST subcategories.
It will appear in the Maturity calculation screen under the relevant categories, helping demonstrate the organization’s coverage and capabilities:

Important notes

  • Technology assets directly influence maturity scoring in Hyver.

  • Hyver itself is automatically added as a CRQ (Cyber Risk Quantification) technology asset:

  • You can edit or remove NIST subcategory assignments later if needed.

Wrap-up / Next Steps

Adding technology assets helps give a full picture of your security posture and maturity. Use this to reflect real tools in use, improve accuracy, and track gaps in your coverage.

Related Articles
Adding Process Assets
About the Maturity Assessment in Hyver
Technologies in the Maturity Assessment
Custom Technology in Maturity Assessment
Custom Process in Maturity Assessment
Did this answer your question?