NIST CSF 2.0 Maturity Assessment

The NIST Cybersecurity Framework 2.0 organizes your security program into six core functions: it answers who is accountable, what you have, how you protect it, how you detect problems, how you respond, and how you recover.

Most organizations are strong in one or two functions and weak everywhere else. Rate your maturity across all six below and get an AI-built 90-day roadmap in minutes.

⏳ Takes about 2 minutes  |  Most organizations score below Tier 2 on their first assessment

1. Govern

Establish and monitor your cybersecurity risk management strategy, expectations, and policy.

2. Identify

Understand your organization's assets, data, and risks so security effort goes where it matters most.

3. Protect

Implement safeguards to secure critical assets and limit the impact of a potential security event.

4. Detect

Find and analyze possible cybersecurity attacks and compromises as early as possible.

5. Respond

Take action once a cybersecurity incident is detected to contain its impact.

6. Recover

Restore assets and operations affected by a cybersecurity incident and reduce the impact of future events.

Rate Your Maturity (1–4)

1=Partial  |  2=Risk Informed  |  3=Repeatable  |  4=Adaptive

1Partial

Policies, strategy, and supply chain risk management.

1Partial

Asset management and risk assessment.

1Partial

Access control, awareness, and data security.

1Partial

Anomalies, events, and continuous monitoring.

1Partial

Incident management, analysis, and mitigation.

1Partial

Recovery planning and improvements.

Overall Maturity: Tier 1 — Partial

Most mid-size organizations score between Tier 1–2 on initial assessment.

Your Strategic Roadmap

Adjust the sliders to reflect your current maturity, then click “Generate 90-Day Roadmap” to receive an AI-tailored plan.