Overview
The Maturity Assessment screen in Hyver is where you do most of the hands-on work to assess and track your cybersecurity maturity. This article walks through each section of the screen, how scoring works, and how linked elements like findings, technologies, and processes influence the final score.
Key Sections of the Maturity Assessment Screen
Calculated Maturity Score
This is the score Hyver generates for the subcategory based on a weighted combination of inputs:
Manual maturity rating
Linked findings
Linked technologies
Linked processes
Scoring logic:
If all four inputs are used, each contributes 25% to the score
If only one input is used (e.g., only findings or only a manual score), it contributes 100%
If you select Unknown or Not Relevant, Hyver uses only the linked data for the score — if no links exist, no score is calculated
Manual Evaluation of Maturity
You can rate a subcategory using the scale below. This is based on how mature your organization’s implementation is for that specific area:
Level | Description |
1 – Initial | No defined processes; work is ad hoc or unassigned |
2 – Developing | Some controls or processes exist, but they’re partial |
3 – Defined | Formal policies and tech are standardized and implemented |
4 – Managed | Technical and procedural effectiveness is actively measured |
5 – Optimized | Focus is on continuous improvement and adaptability |
Unknown | Use if you're unable to rate this subcategory |
Not Relevant | Use if the subcategory doesn’t apply to your organization |
Findings
Shows the number of linked findings from your organization that apply to this subcategory
Click a finding to link or unlink it directly
You can also add findings via the Findings page
Permissions determine what you can view or edit
Technologies
Linked security tools (e.g., EDR) that support this subcategory
Each linked technology contributes a fixed maturity score of 3
If your manual score is higher than 3, the linked technology will not lower the final score
Processes
Linked procedural assets (e.g., alert handling, postmortems)
Each contributes a fixed maturity score of 3, and won’t lower higher manual scores
Add processes via the Assets screen
Standards Tab
Displays how this subcategory maps to other frameworks (e.g., NIST CSF 1.1, ISO 27001:2022, DORA)
Comments Tab
Use this to document your reasoning or collaborate
Tag a colleague by typing @email to send them a notification
History Tab
Shows a timeline of changes to this subcategory
Helps track adjustments, contributors, and rationale over time
Wrap-up / Next Steps
The Maturity Assessment screen gives you full control over how you evaluate, document, and justify each subcategory. Use linked findings, technologies, and processes to strengthen your ratings — and lean on comments and history to keep your process accountable and collaborative.