One of control domain of COBIT describes information security lies in Deliver and Support (DS) on DS5 Ensure Systems Security. This domain describes what things should be done by an organization to preserve and maintain the integrity of the information assets of IT. All of this requires a security management process. One process is to perform security monitoring by conducting periodic vulnerability assessment to identify weaknesses. So it needs a method that utilizes a database that has been standardized. One of standardized database for vulnerability is CVE. This study aims to assess current condition of Data Center on Department of Transportation, Communication and Information Technology at Sleman Regency and assess the maturity level of security as well as providing solutions in particular on IT security. Next goal is to perform vulnerability assessment to find out which are the parts of the data center that may be vulnerable. Knowing weaknesses can help evaluate and provide solutions for better future. Result from this research are to create tool for vulnerability assessment and tool to calculate maturity model

Kata Kunci : COBIT; CVE; maturity model