Overview
This article explains how to add a process asset, such as an incident response or vendor onboarding procedure, in Hyver. Process assets represent policies or operational workflows that support your organization’s cybersecurity posture. When added, they contribute to NIST subcategory maturity scoring.
1. Open the Assets page
Click the Assets icon in the left navigation pane.
2. Add a new asset
Click Add asset at the top center of the page.
3. Select a process type
In the Type field, choose the relevant process from the dropdown, such as Alert handling process, DR procedure, or Incident management.
📌 The selected type defines the asset as a security process, enabling assignment to NIST subcategories.
The full list is copied here for your convenience:
Process and procedure asset types:
Alert handling process
Alert improvement process
Annual risk management review committee
Annual tabletop exercise
Authentication enforcement
BCP (Business Continuity Plan) drills
BCP (Business Continuity Planning) policy
BCP annual update and approval
BCP is communicated
Block network access
C-level management sponsorship
C-level tabletop drills
Central management (centralized security management)
Change Management
Change management procedure
Cloud governance policy
Conditional access policy review
Crown jewels analysis
CTI signals handling process
DAM (Database activity monitoring)
Data disposal procedure
Data mapping
Data protection policy
Data source health verification process
DDOS response process
Device onboarding offboarding
DR (Disaster Recovery) procedure
DRP (Digital risk protection) annual review
Employee internal mobility procedure
Employee onboarding offboarding Process
Escalation procedure
Event handling process
Forensics and mitigation planning
Forensics package collection process
GPOs (Deploying hardened Group Policy Objects)
Host and network isolation process
Implement and enforce a strong password policy
Inactive users review
Incident management and response
Incident management procedure
Incident reporting procedure
Information security policy review and annual approval
Information sharing policy
Information sharing procedure
IR (Incident response) drills
IR tabletop drills
IRP (Incident Response Plan) annual review
IRP (Incident Response Plan) annual update and approval
IRP (Incident Response Plan) Is communicated
KPIs are defined
KPIs communication policy
Legal implications analysis
Legal security communication process
Maintenance procedures
Network agent review process
Network segmentation and segregation
New initiative security approval
New security initiative approval
OT environment security strategy
OT security
Patching practice
Periodic application security bug analysis
Periodic awareness training
Phishing campaigns program
Physical security dispatch policies & procedures
Physical security policy and procedure
Policy communication to the organization
Post-mortem process
Privileged accounts hardening
PT (Penetration testing)
Purple team drills
Red team drills
Remote support procedure
Response plan drills
Restore drills
Restore process
Risk management process
Risk matrix annual review
Role based awareness training
Roles and responsibilities definition
RTO RPO policy
SAAS and on prem product catalog
Screening procedure
Secure Software Development Life Cycle (SDLC)
Security controls roles and responsibilities
Security monitoring policy
Security steering committee
Sensitive data removal and credentials rotation
Severity criteria
SIEM change management process
SOC playbooks and investigation procedure
SOC tiering structure
SOD (Segregation of duties)
Supply chain self assessment
System capacity testing
System hardening procedure
Temporary folders in file shares created
User access review
Vendor management Processes
Vendor on site support procedure
Vendor remote connection approval process
Vendors management procedure
Vendors onboarding procedure
Vendors remote access procedure
Vendors remote connection process
Visitors to physical sites procedure
Vulnerability KPI tracking
Web asset hardening
4. Fill in required information
Process name – Enter a descriptive name (e.g., "Quarterly IR drills").
Engagement – Assign this asset to the correct engagement.
Other fields (tags, importance, etc.) are optional but helpful for filtering and tracking.
5. Assign NIST subcategories
Under Primary framework, select the appropriate NIST subcategory — this is mandatory.
You can optionally map the process to additional frameworks if relevant.
Click Create to save the asset.
6. Review maturity linkage
Once added, the process asset will appear under the associated NIST subcategory in the Maturity calculation screen. You can edit or adjust subcategory mappings later.
Important notes
Process assets directly affect your maturity score — they demonstrate that certain controls or procedures are in place.
The list of process types is extensive and includes policies, drills, onboarding, training, IR plans, and more.
Hyver requires NIST mapping to track how process assets support security readiness.
Wrap-up / Next Steps
Adding process assets helps connect your day-to-day security practices to measurable maturity progress. These assets show that your organization isn't just equipped with tools — it follows through with structured, documented processes.




