Overall Score (0-5): 3.76
Assessed Controls: 25
Identified Gaps: 8
Critical Gaps: 0

[Chart: Maturity by Domain]
[Chart: Compliance by Framework; compliance = maturity level ≥ 3]
[Chart: Maturity Distribution]
Maturity Gaps (Current Level < 4)

Control  | Description | Domain | Current | Target | Gap | Priority
AUTH-004 | Real-time checking of banned passwords against global (pwned) lists and company ... | Authentication | 3 | 4 | 1 level | Medium
AUTH-001 | Enforce Phishing-resistant MFA (FIDO2/CBA) for all administrative accounts, bloc... | Authentication | 3 | 4 | 1 level | Medium
AUTH-005 | Block interactive login and rotate Service Account secrets every 90 days (or use... | Authentication | 3 | 4 | 1 level | Medium
JML-001  | Automate 'Birthright' provisioning via HR, creating accounts disabled until the ... | Identity Lifecycle (JML) | 3 | 4 | 1 level | Medium
JML-006  | Strict expiration (TTL) for guest (B2B) accounts, requiring sponsor renewal. | Identity Lifecycle (JML) | 3 | 4 | 1 level | Medium
MON-002  | Automatic blocking based on Risk (User/Sign-in Risk) for high-risk events. | Monitoring (MON) | 3 | 4 | 1 level | Medium
MON-004  | P1 alerts for changes to Tier 0 groups (Global/Domain Admins) with out-of-band n... | Monitoring (MON) | 3 | 4 | 1 level | Medium
PAM-003  | Remove local administrator account and use LAPS for unique, per-workstation rota... | Privileged Access (PAM) | 3 | 4 | 1 level | Medium
Recommendations Roadmap

AUTH-004 | Medium | Current 3 -> Target 4
Real-time checking of banned passwords against global (pwned) lists and company ...
Action: Integration with global (pwned) lists.
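
The two lookups the AUTH-004 action implies, as an added example that is not part of the assessment: the global check uses the k-anonymity range protocol of the Have I Been Pwned Pwned Passwords API (only the first five hex characters of the password's SHA-1 leave the client; the full hash suffix is matched locally against the returned range), and the company check normalises the candidate (case, leet substitutions) before matching it against an internal term list. The range response, the company terms (Contoso, Fabrikam, Welcome) and the sample passwords are all constructed here so the script runs offline; a production filter would pass a fetcher that retrieves the range for the computed prefix from the API.

```python
from __future__ import annotations

import hashlib
import re
from typing import Callable

# Hypothetical company-specific terms; a real tenant loads these from its policy store.
COMPANY_BANNED_TERMS = ["contoso", "fabrikam", "welcome"]

# Undo the leet substitutions users reach for when a plain term is rejected.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"})

# CONSTRUCTED breach data standing in for the global list: password -> times seen.
CONSTRUCTED_BREACHED = {"password": 3861493, "qwerty123": 1234567}


def sha1_hex(password: str) -> str:
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()


def split_for_range_query(password: str) -> tuple[str, str]:
    """k-anonymity split: the 5-char prefix is the only thing sent to the range endpoint."""
    digest = sha1_hex(password)
    return digest[:5], digest[5:]


def constructed_range_fetch(prefix: str) -> str:
    """CONSTRUCTED stand-in for GET /range/{prefix}: every suffix whose full hash starts with
    the prefix, as 'SUFFIX:COUNT' lines, plus a decoy so the parser has to match exactly."""
    lines = ["0123456789ABCDEF0123456789ABCDEF012:3"]
    for pw, count in CONSTRUCTED_BREACHED.items():
        p, s = split_for_range_query(pw)
        if p == prefix:
            lines.append(f"{s}:{count}")
    return "\r\n".join(lines)


def count_in_range_response(suffix: str, range_response: str) -> int:
    """Return the breach count for our suffix from a range response, 0 if it is absent."""
    for line in range_response.splitlines():
        if ":" not in line:
            continue
        candidate, count = line.strip().split(":", 1)
        if candidate.upper() == suffix:
            return int(count)
    return 0


def normalise(password: str) -> str:
    """Lower-case, undo leet, keep letters only, so 'C0nt0so2024!' contains 'contoso'."""
    return re.sub(r"[^a-z]", "", password.lower().translate(LEET))


def matches_company_list(password: str, banned_terms=COMPANY_BANNED_TERMS) -> str | None:
    norm = normalise(password)
    for term in banned_terms:
        if term in norm:
            return term
    return None


def check_password(password: str, fetch_range: Callable[[str], str] = constructed_range_fetch,
                   banned_terms=COMPANY_BANNED_TERMS) -> dict:
    """Verdict for a password-change filter. fetch_range is injected so the same logic runs
    against the real API (fetch_range=lambda p: requests.get(URL + p).text) or offline data."""
    prefix, suffix = split_for_range_query(password)
    pwned_count = count_in_range_response(suffix, fetch_range(prefix))
    company_term = matches_company_list(password, banned_terms)
    return {
        "prefix_sent": prefix,           # all the remote side ever learns about the password
        "pwned_count": pwned_count,
        "company_term": company_term,
        "allowed": pwned_count == 0 and company_term is None,
    }


if __name__ == "__main__":
    for candidate in ["password", "C0nt0so2024!", "Tr0ub4dor&3-Long-Enough-Phrase"]:
        print(f"{candidate!r}: {check_password(candidate)}")
```

The fetcher is injected rather than hard-wired so the filter can be unit-tested offline and swapped to the live range endpoint without touching the matching logic; note that the company-list check runs on the normalised form, which is what stops trivial variants such as a capitalised company name with a year and a symbol appended.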

AUTH-001 | Medium | Current 3 -> Target 4
Enforce Phishing-resistant MFA (FIDO2/CBA) for all administrative accounts, bloc...
Action: Authenticator app with number matching mandatory. Number matching counters push-fatigue prompts but is not phishing-resistant; closing this gap to the target level means FIDO2 or certificate-based authentication for the administrative accounts, as the control itself specifies.

AUTH-005 | Medium | Current 3 -> Target 4
Block interactive login and rotate Service Account secrets every 90 days (or use...
Action: Automated rotation via scripts/DevOps pipelines.

JML-001 | Medium | Current 3 -> Target 4
Automate 'Birthright' provisioning via HR, creating accounts disabled until the ...
Action: Scripted (PowerShell), triggered by ticket. A ticket-triggered script still relies on someone raising the ticket; the control's target is provisioning driven directly by the HR system of record.
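
The reconciliation step such a provisioning job runs, added here as an example that is not the assessment's own script (and written in Python rather than the PowerShell the action names, so the logic can be read and tested on its own): it diffs a constructed HR feed against a constructed directory export and plans joiner, mover and leaver actions, creating new accounts disabled until their start date as the control requires, converging only the birthright groups it owns, and flagging accounts with no HR record instead of deleting them. Employee IDs, UPNs and the department-to-group mapping are hypothetical.

```python
from __future__ import annotations

from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class HrRecord:
    employee_id: str
    upn: str
    department: str
    start: date
    end: date | None = None      # None: still employed


@dataclass(frozen=True)
class DirectoryAccount:
    employee_id: str
    upn: str
    enabled: bool
    groups: frozenset[str]


# Hypothetical department -> birthright groups. Only these groups are managed by the job;
# project or ad-hoc groups are left to their owners.
BIRTHRIGHT = {
    "Finance": frozenset({"All-Staff", "Finance-Users"}),
    "IT": frozenset({"All-Staff", "IT-Users"}),
}
MANAGED_GROUPS = frozenset().union(*BIRTHRIGHT.values())

Action = tuple[str, str, str]   # (action, upn, reason)


def plan_actions(hr: list[HrRecord], directory: list[DirectoryAccount], today: date) -> list[Action]:
    """Pure diff of HR truth against the directory; the caller applies the plan (or dry-runs it)."""
    plan: list[Action] = []
    by_id = {a.employee_id: a for a in directory}
    seen: set[str] = set()

    for rec in hr:
        seen.add(rec.employee_id)
        acct = by_id.get(rec.employee_id)
        wanted = BIRTHRIGHT.get(rec.department, frozenset({"All-Staff"}))
        has_left = rec.end is not None and rec.end < today
        has_started = rec.start <= today

        if acct is None:
            if has_left:
                continue                     # never provisioned and already gone
            # Joiner: the account is created disabled and only enabled on the start date.
            plan.append(("create_disabled", rec.upn, f"start {rec.start.isoformat()}"))
            if has_started:
                plan.append(("enable", rec.upn, "start date reached"))
            plan.extend(("add_group", rec.upn, g) for g in sorted(wanted))
            continue

        if has_left:                          # Leaver: disable, strip managed access
            if acct.enabled:
                plan.append(("disable", acct.upn, f"left {rec.end.isoformat()}"))
            plan.extend(("remove_group", acct.upn, g) for g in sorted(acct.groups & MANAGED_GROUPS))
            continue

        if has_started and not acct.enabled:
            plan.append(("enable", acct.upn, "start date reached"))
        elif not has_started and acct.enabled:
            plan.append(("disable", acct.upn, "before start date"))

        # Mover (or drift): converge managed groups on the current department's birthright set.
        plan.extend(("add_group", acct.upn, g) for g in sorted(wanted - acct.groups))
        plan.extend(("remove_group", acct.upn, g) for g in sorted((acct.groups & MANAGED_GROUPS) - wanted))

    # Accounts with no HR record are the classic orphan/leaver-miss: flag, never auto-delete.
    plan.extend(("flag_orphan", a.upn, "no HR record") for a in directory if a.employee_id not in seen)
    return plan


# CONSTRUCTED sample data; every identifier is hypothetical.
TODAY = date(2025, 2, 20)
HR_FEED = [
    HrRecord("E100", "ana@contoso.example", "Finance", date(2025, 1, 6)),                  # settled
    HrRecord("E101", "bruno@contoso.example", "IT", date(2025, 3, 3)),                     # future joiner
    HrRecord("E102", "carla@contoso.example", "IT", date(2024, 5, 1), date(2025, 2, 14)),  # leaver
    HrRecord("E103", "diego@contoso.example", "IT", date(2025, 2, 17)),                    # started, moved dept
]
DIRECTORY = [
    DirectoryAccount("E100", "ana@contoso.example", True, frozenset({"All-Staff", "Finance-Users"})),
    DirectoryAccount("E102", "carla@contoso.example", True, frozenset({"All-Staff", "IT-Users", "Project-X"})),
    DirectoryAccount("E103", "diego@contoso.example", False, frozenset({"All-Staff", "Finance-Users"})),
    DirectoryAccount("E999", "svc-legacy@contoso.example", True, frozenset({"All-Staff"})),
]

if __name__ == "__main__":
    for action, upn, reason in plan_actions(HR_FEED, DIRECTORY, TODAY):
        print(f"{action:16} {upn:28} {reason}")
```

Keeping the planner a pure function of (HR feed, directory, date) is what makes the job auditable: the same plan can be printed for review, diffed between runs, and replayed, and the orphan flag surfaces exactly the accounts that a missed leaver event leaves behind.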

JML-006 | Medium | Current 3 -> Target 4
Strict expiration (TTL) for guest (B2B) accounts, requiring sponsor renewal.
Action: Automatic TTL (90 days) with sponsor renewal.

MON-002 | Medium | Current 3 -> Target 4
Automatic blocking based on Risk (User/Sign-in Risk) for high-risk events.
Action: Alert integrated with ticketing (SOAR). An alert is detective only; the control calls for the block itself to be enforced automatically by a risk-based sign-in policy, with the ticket serving as the audit trail.

MON-004 | Medium | Current 3 -> Target 4
P1 alerts for changes to Tier 0 groups (Global/Domain Admins) with out-of-band n...
Action: E-mail alert (near real-time). E-mail routed through the same tenant is not out-of-band: an actor who has just gained Tier 0 rights can suppress or delete it, so the alert also needs a delivery channel that does not depend on the directory being monitored.
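
The detection logic behind the P1 alert, added here as an example and not part of the assessment: it normalises constructed Entra ID audit records (directoryAudits shape, where the role name arrives as a JSON-encoded newValue of the Role.DisplayName property) and constructed Windows Security events 4728/4732/4756 (member added to a security-enabled global/local/universal group) into one alert stream and keeps only Tier 0 targets. The role and group sets are a starting point rather than the assessment's list, the actor and member UPNs are hypothetical, and delivery of the alert is out of scope here.

```python
from __future__ import annotations

import json

# Starting sets; tune to the tenant's Tier 0 model (these are not the assessment's list).
TIER0_ENTRA_ROLES = {"Global Administrator", "Privileged Role Administrator",
                     "Privileged Authentication Administrator"}
TIER0_AD_GROUPS = {"Domain Admins", "Enterprise Admins", "Schema Admins", "Administrators"}

# Entra audit activities that change role membership, including PIM eligibility/activation.
ROLE_ACTIVITIES = {"Add member to role", "Add eligible member to role",
                   "Add member to role completed (PIM activation)", "Remove member from role"}
# Windows Security events for "member added to security-enabled ... group".
AD_MEMBER_ADDED = {4728: "global", 4732: "local", 4756: "universal"}


def _modified_value(target: dict, name: str) -> str | None:
    """directoryAudits encodes newValue as a JSON string ('"Global Administrator"'), so decode it."""
    for prop in target.get("modifiedProperties", []):
        if prop.get("displayName") == name and prop.get("newValue"):
            return json.loads(prop["newValue"])
    return None


def entra_tier0_changes(records: list[dict]) -> list[dict]:
    alerts = []
    for rec in records:
        if rec.get("activityDisplayName") not in ROLE_ACTIVITIES:
            continue
        role, member = None, None
        for target in rec.get("targetResources", []):
            role = role or _modified_value(target, "Role.DisplayName")
            if target.get("type") == "User":
                member = target.get("userPrincipalName")
        if role in TIER0_ENTRA_ROLES:
            alerts.append({
                "severity": "P1", "source": "entra", "time": rec.get("activityDateTime"),
                "activity": rec["activityDisplayName"], "target": role, "member": member,
                "actor": rec.get("initiatedBy", {}).get("user", {}).get("userPrincipalName"),
            })
    return alerts


def ad_tier0_changes(events: list[dict]) -> list[dict]:
    alerts = []
    for ev in events:
        scope = AD_MEMBER_ADDED.get(ev.get("EventID"))
        if scope is None or ev.get("TargetUserName") not in TIER0_AD_GROUPS:
            continue
        alerts.append({
            "severity": "P1", "source": "ad", "time": ev.get("TimeCreated"),
            "activity": f"{ev['EventID']} member added to {scope} group",
            "target": ev["TargetUserName"], "member": ev.get("MemberName"),
            "actor": ev.get("SubjectUserName"),
        })
    return alerts


def detect_tier0_changes(entra_records: list[dict], ad_events: list[dict]) -> list[dict]:
    """Single alert stream; a paging integration would consume this, not the raw logs."""
    return entra_tier0_changes(entra_records) + ad_tier0_changes(ad_events)


def format_alert(alert: dict) -> str:
    return (f"[{alert['severity']}] {alert['source']} {alert['time']}: {alert['activity']} "
            f"-> {alert['target']} member={alert['member']} by={alert['actor']}")


# CONSTRUCTED records in the shape of Entra directoryAudits and Windows Security events.
ENTRA_AUDIT = [
    {"activityDateTime": "2025-02-20T14:03:11Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": {"userPrincipalName": "ops-admin@contoso.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "eve@contoso.example",
                          "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                  "newValue": "\"Global Administrator\""}]}]},
    {"activityDateTime": "2025-02-20T14:05:40Z", "activityDisplayName": "Add member to role",
     "initiatedBy": {"user": {"userPrincipalName": "ops-admin@contoso.example"}},
     "targetResources": [{"type": "User", "userPrincipalName": "tom@contoso.example",
                          "modifiedProperties": [{"displayName": "Role.DisplayName",
                                                  "newValue": "\"Helpdesk Administrator\""}]}]},
    {"activityDateTime": "2025-02-20T14:06:02Z", "activityDisplayName": "Update user",
     "initiatedBy": {"user": {"userPrincipalName": "hr-sync@contoso.example"}}, "targetResources": []},
]
AD_EVENTS = [
    {"EventID": 4728, "TimeCreated": "2025-02-20T14:10:00Z", "SubjectUserName": "jdoe",
     "TargetUserName": "Domain Admins", "MemberName": "CN=svc-backup,OU=Service,DC=contoso,DC=example"},
    {"EventID": 4728, "TimeCreated": "2025-02-20T14:11:00Z", "SubjectUserName": "jdoe",
     "TargetUserName": "Finance-Users", "MemberName": "CN=ana,OU=Users,DC=contoso,DC=example"},
    {"EventID": 4624, "TimeCreated": "2025-02-20T14:12:00Z", "SubjectUserName": "jdoe"},
]

if __name__ == "__main__":
    for alert in detect_tier0_changes(ENTRA_AUDIT, AD_EVENTS):
        print(format_alert(alert))
```

The two sources are normalised into the same alert record on purpose: a single downstream rule ("severity P1, target in Tier 0") then pages on both cloud role grants and on-premises group changes, and the actor field is what the responder needs first to decide whether the change was authorised.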

PAM-003 | Medium | Current 3 -> Target 4
Remove local administrator account and use LAPS for unique, per-workstation rota...
Action: LAPS on 100% of workstations, with auditing of password retrievals.