Overview
Cye Exposure Management Platform’s maturity calculation is designed to provide a realistic and transparent view of your security posture. Unlike traditional models that only reward a "Fixed" status, Hyver calculates maturity based on remediation progress. This means your score improves gradually as you perform work, reflecting partial efforts and providing a more accurate representation of your risk reduction.
How Progress is Calculated
The way Progress (%) is determined depends on whether the finding has remediation assets and whether you choose Automatic or Manual calculation.
Automatic Progress Calculation
Automatic Progress Calculation
By default, Hyver calculates progress automatically based on the following:
Findings with Remediation Assets: Progress depends on the status of the underlying assets. For example, if a finding has 4 assets and 3 are marked as "Fixed," the progress is 75%.
Excluding Assets: If an asset is marked as "Not Relevant," it is excluded from the calculation, effectively counting as "Fixed" for the purpose of the progress percentage.
Findings without Remediation Assets: Progress is derived directly from the finding’s status—moving from 0% (At-risk) to 100% when the status is changed to Fixed.
Manual Progress Override
Manual Progress Override
Users can choose to define progress manually at any time to reflect specific remediation efforts:
Editing Progress: You can directly edit the progress percentage.
Persistence: The system will use this user-defined value for maturity calculations until it is manually updated again or reset to automatic.
Impact on Maturity and Subcategories (NIST CSF )
Once the progress is determined (either automatically or manually), it directly influences the finding's maturity contribution:
Incremental Improvement: As progress increases, the maturity score improves gradually. You no longer have to wait for a "Fixed" status to see a positive impact on your dashboard.
Target Maturity: When a finding reaches 100% progress, it is assigned a maturity level of 3, unless a manual maturity override is applied.
Severity Influence: For findings that are still in progress, the maturity value is weighted by the finding's severity—meaning higher-severity issues require more progress to reach safer maturity levels.
Subcategory Maturity Scores
To provide a fair and accurate view of your status, Hyver calculates the maturity of a Subcategory by taking the average of the maturity values of all findings linked to it.
This averaging approach ensures that:
Every bit of progress you make on any finding contributes to the overall category score.
Your dashboard provides a balanced view of your total remediation effort across the entire platform.
Managing Your Progress and Maturity (Finding Page)
You can manage how progress and maturity are calculated either for a single finding or in bulk.
Individual Editing
Individual Editing
From the right pane of each specific Finding, you have full control over the calculation logic:
Set Progress Manually: Directly edit the progress percentage. Once changed, the icon will switch from A (Automatic) to M (Manual).
Reset to Automatic: You can return to system-calculated progress at any time by selecting "Reset to automatic."
Maturity Level Override: While the system calculates maturity automatically, after a finding is marked as fixed, you can manually select a specific maturity level (e.g., Level 3) instead of leaving it on "Automatic".
Multi-Select Editing (Bulk Actions)
Multi-Select Editing (Bulk Actions)
When you need to update several findings at once, you can use the multi-select feature:
Bulk Progress Update: Set a consistent progress value across all selected findings.
Bulk Reset: Revert multiple findings back to automatic calculation simultaneously.
Mixed States: If your selection includes some findings set to "Manual" and others to "Automatic," the UI will indicate a "Mixed" state to ensure you are aware of the different calculation types before applying changes.
Wrap-up
By tracking remediation in real time, Hyver ensures your maturity score accurately reflects the ongoing work of your team. This provides a transparent and up-to-date view of your organization’s security posture at every stage of the process.