| Metric | Value |
|---|---|
| Overall Score (0-5) | 3.36 |
| Assessed Controls | 25 |
| Identified Gaps | 13 |
| Critical Gaps | 0 |

Charts (not reproduced): Maturity by Domain; Compliance by Framework (Compliance = Level ≥ 3); Maturity Distribution.
Maturity Gaps (Current Level < 4)

| Control | Description | Domain | Current | Target | Gap | Priority |
|---|---|---|---|---|---|---|
| JML-004 | Quarterly Access Certification campaigns with auto... | Identity Lifecycle (JML) | 2 | 4 | 2 levels | High |
| MON-001 | Centralize Audit/Sign-in Logs in a SIEM. Retention... | Monitoring (MON) | 2 | 4 | 2 levels | High |
| MON-002 | Automatic blocking based on Risk (User/Sign-in Ris... | Monitoring (MON) | 2 | 4 | 2 levels | High |
| MON-005 | Monitor anomalies in Service Principals (read volu... | Monitoring (MON) | 2 | 4 | 2 levels | High |
| AUTH-005 | Block interactive login and rotate Service Account... | Authentication | 2 | 4 | 2 levels | High |
| JML-001 | Automate 'Birthright' provisioning via HR, creatin... | Identity Lifecycle (JML) | 3 | 4 | 1 level | Medium |
| JML-003 | Automate exit 'Kill Switch': Blocking and revocati... | Identity Lifecycle (JML) | 3 | 4 | 1 level | Medium |
| PAM-004 | Implement a Tiered Model (Tiering/Red Forest): Tie... | Privileged Access (PAM) | 3 | 4 | 1 level | Medium |
| PAM-005 | 2 monitored Emergency (Break Glass) accounts, clou... | Privileged Access (PAM) | 3 | 4 | 1 level | Medium |
| MON-004 | P1 alerts for changes to Tier 0 groups (Global/Dom... | Monitoring (MON) | 3 | 4 | 1 level | Medium |
| MON-006 | User feedback ('Not me') in MFA generates an immed... | Monitoring (MON) | 3 | 4 | 1 level | Medium |
| AUTH-002 | Enforce MFA for all users with Number Matching to ... | Authentication | 3 | 4 | 1 level | Medium |
| AUTH-004 | Real-time checking of banned passwords against glo... | Authentication | 3 | 4 | 1 level | Medium |
Recommendations Roadmap

| Control | Priority | Recommendation | Levels | Action (current practice) |
|---|---|---|---|---|
| JML-004 | High | Quarterly Access Certification campaigns with automatic revocation if there is n... | 2 → 3 | Annual (all users) via Excel spreadsheet. |
| MON-001 | High | Centralize Audit/Sign-in Logs in a SIEM. Retention: 90 days (hot) / 365 days (co... | 2 → 3 | Sporadic manual backup to Storage. |
| MON-002 | High | Automatic blocking based on Risk (User/Sign-in Risk) for high-risk events.... | 2 → 3 | E-mail alert (human investigation). |
| MON-005 | High | Monitor anomalies in Service Principals (read volume, new IPs, atypical hours).... | 2 → 3 | Manual behaviour baseline. |
| AUTH-005 | High | Block interactive login and rotate Service Account secrets every 90 days (or use... | 2 → 3 | Periodic manual rotation (tracking spreadsheet). |
| JML-001 | Medium | Automate 'Birthright' provisioning via HR, creating accounts disabled until the ... | 3 → 4 | Scripted (PowerShell), triggered by ticket. |
| JML-003 | Medium | Automate exit 'Kill Switch': Blocking and revocation of tokens in <15 min after ... | 3 → 4 | Scripted (nightly batch). |
| PAM-004 | Medium | Implement a Tiered Model (Tiering/Red Forest): Tier 0 admins never log on to Tie... | 3 → 4 | Partial technical blocking (GPO) / learning mode. |
| PAM-005 | Medium | 2 monitored Emergency (Break Glass) accounts, cloud-only, excluded from MFA and ... | 3 → 4 | 2 cloud-only accounts, alerts configured. |
| MON-004 | Medium | P1 alerts for changes to Tier 0 groups (Global/Domain Admins) with out-of-band n... | 3 → 4 | E-mail alert (near real-time). |
| MON-006 | Medium | User feedback ('Not me') in MFA generates an immediate security incident in the ... | 3 → 4 | Feedback generates an alert to the SOC. |
| AUTH-002 | Medium | Enforce MFA for all users with Number Matching to mitigate MFA fatigue.... | 3 → 4 | 100% + Number Matching + SMS blocked. |