With the development of modern businesses toward cloud-native, automated infrastructure, Infrastructure as Code has become a fundamental part of scalable systems engineering. However, there is often no easy way to assess the level of adoption maturity beyond superficial metrics, such as tool use. This article presents a five-step Infrastructure as Code Maturity Model, which is a systematic mapping of the progression of IaC Implementations between ad hoc scripting and policy-based automation. The maturity level is characterized by quantifiable attributes in four key dimensions, namely level of automation, level of governance, level of observability, and level of security integration. This framework is based on empirical validation in the finance, telecommunications and government sectors, and it shows quantifiable improvements over the life cycles of organizations as maturity is achieved. Validation studies demonstrate that organizations that progress to the next level of governed automation, based on initial levels of automation attain reduced configuration drift incidents, compliance audit preparation time, and infrastructure provisioning time, and at the same time, an improvement in deployment frequency and automated compliance coverage. The model fits perfectly with the new security models such as Zero-Trust Architecture and Supply-chain Levels of Software Artifacts, which offer organizations the diagnostic feature and the roadmap of the infrastructure evolution. Through defining steps of progression with quantifiable results, this study will allow companies to undertake the task of infrastructure modernization in a systematic manner to avoid automation as a one-off script into verifiably secure, compliant, and resilient operations that uphold governance in a cloud scale.