<![CDATA[The rapid growth and advancement of digital technology have encouraged educational institutions to adopt information systems to support academic processes. Universitas Advent Indonesia (UNAI) has implemented an Academic Information System and a Learning Management System (LMS) as part of its digital transformation in educational services. This study aims to evaluate the level of cybersecurity risk and maturity in the university’s academic information system using the National Institute of Standards and Technology (NIST) framework. Risk analysis was conducted using NIST SP 800-30 to identify, analyze, and evaluate potential threats and vulnerabilities. The effectiveness of security controls was assessed based on NIST SP 800-53A, while the Capability Maturity Model Integration (CMMI) was applied to measure the maturity level of information security implementation. The study employed two instruments: (1) a security awareness questionnaire for structural respondents to assess their perception and understanding of information security, and (2) a security control audit for technical respondents to evaluate the actual implementation of security measures. The collected data were processed using a descriptive–quantitative method and converted into maturity levels according to the CMMI model. The results show that the structural group obtained an average score of 3.94, corresponding to Level 4 (Quantitatively Managed), indicating that security controls have been implemented consistently and measured effectively. The technical group achieved an average score of 3.60, corresponding to Level 3 (Defined), suggesting that security processes are standardized but not yet fully based on quantitative measurement. According to the NIST SP 800-30 framework, most security controls are categorized as implemented and partially implemented. These findings indicate that UNAI’s cybersecurity maturity level is generally strong but still requires improvement in policy documentation, supervision, and security training to achieve the optimal maturity level.]]>
