Is Your PKI Where It Should Be?

Understanding and Elevating Your Public Key Infrastructure with the PKI Maturity Model (PKI MM)

Are you responsible for managing a Public Key Infrastructure (PKI) in your organization and wondering how it stacks up against industry standards or how you can improve it further? Perhaps you’re building a new PKI from the ground up or considering an external PKI provider but aren’t sure if their solution aligns with your needs. That’s where the PKI Maturity Model (PKI MM) comes in.

What is PKI MM?

The PKI Maturity Model is more than just a checklist of requirements for various aspects of PKI. It serves as a comprehensive guide to building, maintaining, and continuously improving your PKI environment.

At its core, the PKI MM consists of 72 distinct requirements, organized into 15 categories and 4 overarching modules. Each requirement is evaluated on a maturity scale from 1 (initial) to 5 (optimized), offering a detailed look at your PKI’s maturity level. These individual scores are then used to calculate your PKI’s overall maturity level, considering the different weights assigned to each category and module. The result is a sophisticated and accurate reflection of your PKI’s maturity, far beyond a simple sum of points.

Two Ways to Assess Your PKI

When using the PKI MM, you have two primary options for assessing your infrastructure:

  1. Full PKI Assessment: This option provides a comprehensive evaluation, offering deeper insights into each area and more precise recommendations for further development.
  2. Self-Assessment: A quicker, less detailed assessment that still offers valuable insight but without the full depth of a complete evaluation.

If you opt for the full assessment, all requirements within the defined scope are rigorously evaluated. The scope, of course, is determined by you at the beginning of the evaluation process.

Tools to Support Your Evaluation

To assist with the evaluation, PKI MM provides a robust yet user-friendly Excel tool that is free to download from the PKI MM website. The tool is accompanied by clear instructions, guiding you through the process step by step. You’ll also find detailed explanations of the evaluation and continuous improvement process directly on the website.

You have the option to conduct the evaluation yourself or enlist an independent auditor. The final output is a report that can vary in detail, from a simple confirmation of results to an in-depth analysis covering every requirement.

If you’re looking for a quicker assessment, the Self-Assessment tool—available in both Excel and web-based formats—might be ideal for you. This streamlined version evaluates entire categories rather than individual requirements, significantly speeding up the process. Each category offers a detailed description of possible maturity levels, making it easy to select the one that best reflects your current state. Results are available immediately throughout the evaluation, and you can download a full report in PDF format or simply share a link to access the results anytime.

Even if You’re Not Building a PKI…

If you’re not directly involved in creating or managing a PKI but are seeking a pre-built solution from an external provider, understanding the PKI MM framework can still be valuable. A basic grasp of the evaluation process can help you better understand how a provider’s PKI solution was assessed and what the resulting maturity score really means for your organization.

Useful Resources

PKI maturity model

Definition of the PKI maturity model and description of the maturity assessment process and procedures in order to rate the current maturity level and to track progress.

Categories description

Description of PKI maturity model related categories and associated requirements, guidance, assessment tips, and references.

PKI maturity assessment process

Description of the assessment process.

PKI maturity assessment tools

Available tools for the assessment of the PKI implementation and use case.

Feedback form

PKI maturity model and assessment feedback form.

PKI maturity model community discussion

Ideas, questions, or feedback that you want to share or discuss related to the PKI maturity model.

