121 questions | 6 core functions | 2–3 hours to complete | Framework version: v2.0 (latest)

The Challenge

Security leaders need a way to demonstrate cybersecurity maturity that's recognised by regulators, customers, and boards—without commissioning expensive external assessments every time. The NIST Cybersecurity Framework is the most widely referenced standard globally, but translating its outcome-based approach into a structured, repeatable evaluation is harder than it looks.

What This Assessment Does

The NIST CSF v2.0 Maturity Assessment translates the framework's six core functions into 121 structured questions with clear maturity criteria at each level. Complete it in a single session, generate board-ready outputs the same day, and repeat it quarterly to track progress.

Updated for CSF 2.0, this assessment includes full coverage of the new Govern function—elevating cybersecurity governance from an implicit expectation to an explicit, assessable component of your security programme.

Who This Assessment Is For

CISOs & Security Leaders

Establish baselines, track progress, and communicate cybersecurity posture to boards using a globally recognised framework.

GRC & Compliance Teams

Document framework alignment for customers, regulators, and audit committees with defensible evidence.

IT Risk Managers

Identify capability gaps across the full cybersecurity lifecycle and prioritise remediation investments.

Organisations of Any Size

NIST CSF 2.0 is designed for all organisation types. This assessment scales from SMEs to large enterprises.

When to Use This Assessment

Baseline

Establishing your first cybersecurity maturity benchmark before setting improvement targets.

Board Reporting

Providing directors with quantified maturity metrics and progress tracking.

Customer Requests

Responding to security questionnaires referencing NIST CSF alignment.

Programme Maturity

Transitioning from CSF 1.1 to 2.0 or maturing an existing security programme.

Quarterly Review

Tracking cybersecurity improvement over time with consistent, comparable assessments.

M&A Diligence

Rapidly assessing acquisition target security posture before deals close.

Framework Coverage

All six NIST CSF 2.0 core functions are assessed, including the new Govern function introduced in version 2.0.

GOVERN
Cybersecurity Governance (GV)

Organisational context, risk management strategy, roles and responsibilities, policy, oversight, and supply chain risk management. New in CSF 2.0.

IDENTIFY
Risk Identification (ID)

Asset management, business environment, risk assessment, and improvement planning.

PROTECT
Protective Controls (PR)

Identity management, access control, awareness and training, data security, platform security, and infrastructure protection.

DETECT
Detection Capabilities (DE)

Continuous monitoring and adverse event analysis to discover cybersecurity events promptly.

RESPOND
Incident Response (RS)

Incident management, analysis, reporting, communication, and mitigation activities.

RECOVER
Recovery Planning (RC)

Incident recovery plan execution and communication to restore operations after incidents.

Important Disclaimer

This assessment is a self-assessment tool designed to help organisations evaluate their cybersecurity posture against the NIST Cybersecurity Framework. It does not constitute a formal NIST assessment, certification, or attestation. The NIST CSF is a voluntary framework and does not prescribe mandatory requirements. Results should be used alongside other assurance activities.

What You Receive

Complete the assessment once. Generate these outputs immediately—no waiting for consultants.

Executive Summary Report

Board-ready Word document with overall maturity score, function-by-function breakdown, key findings, and prioritised recommendations.

Detailed Gap Register

Excel workbook with question-level results mapped to CSF subcategories. Filter by function, maturity level, or risk rating for remediation planning.

Maturity Visualisations

Radar charts showing function-level maturity at a glance. Copy directly into board presentations or stakeholder reports.

Remediation Roadmap

Prioritised recommendations ranked by risk impact and implementation effort. Clear next steps for each identified gap.

Run the same assessment quarterly or annually. Consistent methodology means comparable results you can trend over time.

Get Started Today

Purchase once. Use repeatedly. No subscription, no ongoing fees, no data collection.

Immediate download. Runs entirely in your browser.

Frequently Combined With

Organisations often pair NIST CSF with these complementary assessments for broader coverage.

Information Security

ISO 27001 Maturity Assessment

Combine NIST CSF's outcome focus with ISO 27001's management system approach. Ideal when certification is also a goal.

Third-Party Risk

Supply Chain Security Assessment

Extend the Govern function's supply chain coverage (GV.SC) with comprehensive third-party risk evaluation.
