Unlocking Organizational Security: New Identity Governance Maturity Model Standards

As organizations expand and digital transformation deepens, identity governance faces numerous challenges, while frequent security incidents underscore the urgent need for clear identity permissions, access policies, and risk prediction.

Led by the China Academy of Information and Communications Technology (CAICT) together with major enterprises, the Identity Governance Capability Maturity Model series standards were created, comprising Part 1: General Capability Requirements and Part 2: System and Tool Technical Requirements.

Standard Evaluation Framework

Part 1 defines three major dimensions—access management, identity management, and general capabilities—covering nine sub‑dimensions and numerous items. The model grades maturity into five levels: Initial, Basic, Comprehensive, Excellent, and Outstanding, each with specific capability requirements.

Part 2 focuses on systems and tools, covering five dimensions—unified identity management, unified resource management, unified authentication management, development integration management, and unified security management—totaling sixteen sub‑dimensions and various functional items. Assessment results are categorized as Application, Comprehensive, and Outstanding levels.

Evaluation Value

The assessment, performed by an independent third‑party institution, promotes standard adoption, helps organizations understand their current state, and guides improvement, product development, and procurement decisions.

Evaluation Cases

Early evaluations have been completed by China Merchants Bank, China Minsheng Bank, and Beijing Steam Memory Technology Co., Ltd.

Evaluation Process

In 2024 the evaluation for both parts of the model is open for registration. Organizations can apply by emailing the contacts listed below.

Contact Information

CAICT – Sun Huan, Phone: 151 7234 2319, Email: [email protected]

CAICT – Jiang Jingjing, Phone: 178 8882 3510, Email: [email protected]