Scope

1.1

This document describes a methodology for assessing organizational and product cybersecurity maturity. It provides the evaluators and vendors a means to implement and determine the maturity of the organization and products/solutions being developed regardless of solution vertical.  It covers the entire product system life cycle from conception to full commissioning and on to end of life inclusive of end point to end point attack surfaces. Its premise is an effective executive business decision to establish a comprehensive maturity model approach to cybersecurity.

1.2 Purpose

This Document applies to all IoT and related products/solutions.

1.3

This Document contains requirements. In this Document, “shall” is used to express a mandatory element in the evaluation. “should” indicates a recommendation or advise about an element.