Overview
The Maturity Assessment screen in Cye Exposure Management Platform is where most of the hands-on work to assess and track cybersecurity maturity takes place. This article walks through each section of the screen, how scoring works, and how linked elements like findings, technologies, and processes influence the final score.
Key Sections of the Maturity Assessment Screen
Calculated Maturity Score
This is the score the Cye platform generates for the subcategory based on a weighted combination of inputs:
Manual maturity rating
Linked findings
Linked technologies
Linked processes
Scoring logic:
If all four inputs are used, each contributes 25% to the score
If only one input is used (e.g., only findings or only a manual score), it contributes 100%
If Unknown or Not Relevant is selected, the Cye platform uses only the linked data for the score: if no links exist, no score is calculated
Manual Evaluation of Maturity
Subcategories are rated using the following scale, based on the maturity of the organization's implementation for that specific area:
Level | Description |
1 – Initial | No defined processes; work is ad hoc or unassigned |
2 – Developing | Some controls or processes exist, but they're partial |
3 – Defined | Formal policies and tech are standardized and implemented |
4 – Managed | Technical and procedural effectiveness is actively measured |
5 – Optimized | Focus is on continuous improvement and adaptability |
Unknown | Use if you're unable to rate this subcategory |
Not Relevant | Use if the subcategory doesn't apply to your organization |
Findings
Shows the number of linked findings from your organization that apply to this subcategory
Click a finding to link or unlink it directly
You can also add findings via the Findings page
Permissions determine what you can view or edit
Technologies
Linked security tools (e.g., EDR) that support this subcategory
Each linked technology contributes a fixed maturity score of 3
If the manual score is higher than 3, the linked technology will not lower the final score
Processes
Linked procedural assets (e.g., alert handling, postmortems)
Each contributes a fixed maturity score of 3, and will not reduce a manual score above 3
Add processes via the Assets screen
Standards Tab
Displays how this subcategory maps to other frameworks (e.g., NIST CSF 1.1, ISO 27001:2022, DORA)
Comments Tab
Use this to document reasoning or facilitate collaboration
Tag a colleague by typing @email to send them a notification
History Tab
Shows a timeline of changes to this subcategory
Helps track adjustments, contributors, and rationale over time
Wrap-up / Next Steps
The Maturity Assessment screen provides full control over how to evaluate, document, and justify each subcategory. Use linked findings, technologies, and processes to strengthen ratings, and lean on comments and history to keep the process accountable and collaborative.