Cyber Risk Assessment

Discover the future of cyber risk management
with CRA, the cutting-edge SaaS solution.

CRA employs a user-friendly approach based on the Cybersecurity Maturity Model Certification (CMMC) to assess cybersecurity risk maturity. Your organization or company can self-assess its cybersecurity posture, resulting in a numerical score that graphically represents your risk maturity.


WHY CRA

Dive into CRA today and transform your risk management
processes, making them more efficient and impactful!

Goodbye to excel,
hello to CRA

Say goodbye to the messiness of Excel and other solutions. CRA provides a safe web-based environment for collaborative risk management. Easily perform risk assessments within the platform, with actionable insights on where to begin reducing your risks. Get a holistic risk overview and embark on proactive risk management.

Unlock Efficiency
And savings

Experience top-tier risk management with CRA, all while optimizing your resource allocation. Its outstanding efficiency means you'll save both time and money, making it a wise investment for your operations.

Overview of Supply
Chain Security

Distribute CRA to your suppliers to gain valuable insights into their cyber risk maturity levels. This transparency not only enhances your supply chain security but also ensures compliance with NIS2 regulations that mandate this level of insight.

Goodbye to excel,
hello to CRA

Say goodbye to the messiness of Excel and other solutions. CRA provides a safe web-based environment for collaborative risk management. Easily perform risk assessments within the platform, with actionable insights on where to begin reducing your risks. Get a holistic risk overview and embark on proactive risk management.

Unlock Efficiency
And savings

Experience top-tier risk management with CRA, all while optimizing your resource allocation. Its outstanding efficiency means you'll save both time and money, making it a wise investment for your operations.

Overview of Supply
Chain Security

Distribute CRA to your suppliers to gain valuable insights into their cyber risk maturity levels. This transparency not only enhances your supply chain security but also ensures compliance with NIS2 regulations that mandate this level of insight.

HOW IT WORKS

Dive into CRA today and transform your risk management
processes, making them more efficient and impactful!

5-LEVEL MATURITY

5-LEVEL MATURITY

Maturity Score

/5

Recommended minimum score: 3.0

Last Updated Sep. 14, 10:00
Progress 100%

Progress

100%

MATURITY SCORING SYSTEM

CRA comprises a five-tier maturity model, providing a structured approach for breaking down implementation into manageable phases. Additionally, it accommodates business-specific and customized requirements, making it a versatile choice for enhancing cybersecurity.

CRA comprises a five-tier maturity model, providing a structured approach for breaking down implementation into manageable phases. Additionally, it accommodates business-specific and customized requirements, making it a versatile choice for enhancing cybersecurity.

Maturity Score

/5

Recommended minimum score: 3.0

Last Updated Sep. 14, 10:00
Progress 100%

Progress

100%

As shown in the image above, each level has a certain number of practices beneath it. Level 1 has 17 practices, level 2 has 72, and it keeps growing up to 171 practices at level 5. This growth happens because the levels build on each other. For instance, to reach level 3 in a specific domain, you also need to show that you've met the requirements for levels 1 and 2.

17 DOMAINS OF
SECURITY PRACTICES

Access Control

Asset Management

Awareness and Training

Audit and Accountability

Configuration Management

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical Security

Recovery

Risk Management

Security Assessment

Situational Awareness

Systems and Communications Protection

System and Information Protection

The framework structure

CRA is like a structured guidebook for cybersecurity. Based on the framework CMMC it has 17 sections, called domains, where you can find different security practices. Our software measures these practices based on the five levels of difficulty, from basic to advanced. Each domain also includes specific abilities you need to have, and within those abilities, there are specific actions you must show you can do. It's a way to measure and improve how well you protect your data and systems.

Access Control

Asset Management

Awareness and Training

Audit and Accountability

Configuration Management

Identification and Authentication

Incident Response

Maintenance

Media Protection

Personnel Security

Physical Security

Recovery

Risk Management

Security Assessment

Situational Awareness

Systems and Communications Protection

System and Information Protection


43 CYBER SECURITY
CAPABILITIES

The framework defines 43 cyber security capabilities across the 17 domains. These capabilities involve a combination of processes, skills, knowledge, tools, and behaviors that work together to ensure a specific level of security.

Organizations should aim to achieve these capabilities at the maturity levels 1-5 when they appropriately deploy and manage cyber security practices.

The framework defines 43 cyber security capabilities across the 17 domains. These capabilities involve a combination of processes, skills, knowledge, tools, and behaviors that work together to ensure a specific level of security.

Organizations should aim to achieve these capabilities at the maturity levels 1-5 when they appropriately deploy and manage cyber security practices.

Ex. ACCESS CONTROL has the following associated capabilities:
C001: Establish systems access requirements
C002: Control internal systems access.
C003: Control remote systems access.
C004: Limit data access to authorised users and processes.

Ex. ACCESS CONTROL has the following associated capabilities:
C001: Establish systems access requirements
C002: Control internal systems access.
C003: Control remote systems access.
C004: Limit data access to authorised users and processes.

QUESTION & SCORING EXAMPLE - ACCESS CONTROL DOMAIN:

ID Question Example Notes Answer Last Updated

1.001 Are all company devices password protected?

1 month ago

Example: You are in charge of IT for your company. You give a username and password to every
employee who uses a company computer for their job. No one can use a company computer
without a username and a password. You give a username and password only to those
employees you know have permission to be on the system. When an employee leaves the
company, you disable their username and password immediately.
Notes:

Last Edited: 14/09/2023

By: User


Question Example Notes Answer

Are all company devices password protected?
Example: You are in charge of IT for your company. You give a username and password to every
employee who uses a company computer for their job. No one can use a company computer
without a username and a password. You give a username and password only to those
employees you know have permission to be on the system. When an employee leaves the
company, you disable their username and password immediately.
Notes:

ACCOUNT MANAGEMENT

With our user-friendly platform, you can effortlessly create and manage users, departments, and suppliers while gaining a comprehensive overview of your organization's cyber risk landscape, including those suppliers you've invited to collaborate.

Discover how easy it is to enhance your cyber resilience, collaborate seamlessly with suppliers, and take charge of your organization's security.