Cyber resilience is often discussed as a spectrum, but operationally it must resolve to a simple question: Are you meeting your resilience criteria, or not?
‍

Spektrum defines four escalating levels of proof that describe how trustworthy and defensible a cybersecurity or resilience claim is. Each level answers the question:

‍

“How do we know this control is real, working, and trustworthy?"
Josh Brown, Spektrum CISO 

‍

Spektrum formalizes this by separating who is making the attestation from how resilience is ultimately evaluated. Across all four proof levels, cyber resilience in the Spektrum platform is rendered binary: criteria are either satisfied or they are not, regardless of how nuanced or continuous the underlying inputs may be.

‍

What changes across L1–L4 is who attests, how much trust is required, and can the process and the outcome be automated?

‍

‍

‍
(*) At level 2, the act of uploading evidence is itself the attestation. Spektrum does not assert:

‍

• That the artifact is accurate
• That the control is effective
• That the evidence satisfies the objective

‍

The Unifying Principle: Binary Truth‍

‍

No matter how complex, probabilistic, or continuous the underlying inputs may be: in Spektrum, compliance and resilience resolve to a binary state.

‍

"In Spektrum, compliance and resilience resolve to a binary state, no matter how complex, probabilistic, or continuous the underlying inputs may be. You are either meeting your cyber resilience criteria, or you are not."

Josh Brown, Spektrum CISO

‍

The binary truth drives conversation about how to resolve failures to meet your criteria--either change your risk tolerance by adjusting the criteria, or increase resources to meet the criteria as they currently are.

‍
Why This Is Important‍

‍

Most platforms blur attestation and proof. By enforcing a binary output, Spektrum supports clear legal and trust models, delivers clarity for stakeholders using the information, and enables the deployment of deterministic automation opening a path for provable, continuous resilience.

Why the L1-L4 Ladder Matters  

‍

Many cybersecurity programs mix claims, screenshots, and audits and treat them as equal. Spektrum does not.

‍

L1–L2 are based on statements and static artifacts. L3 brings independence but is still static.

‍

Only L4 operates a continuous process and delivers, systematically, machine-verifiable truth. Being “Green” at Level 4 means resilient, not just documented. This distinction is how you can confidently answer board questions about cyber resilience. This is also why insurers accept Spektrum proof for insurability.