Score all 106 subcategories across six core functions. Surface your highest-priority gaps. Track maturity improvement across assessments. Free to use — no account required.
NIST CSF 2.0 organizes cybersecurity activities into six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Each function contains categories and subcategories that map to specific outcomes.
The CSF 2.0 Assessment tool walks you through all 106 subcategories, scoring each on a 0–5 maturity scale. The result is a complete picture of where your program is strong, where gaps exist, and what to prioritize next.
Four steps, built to be completed in a single session or across multiple visits. Export a JSON snapshot at the end to preserve your assessment.
Set your organization name, assessment date, and target maturity levels. You can apply a single target score across all functions or set per-function targets to reflect where your program actually needs to be — not just a blanket aspirational level.
Work through subcategories grouped by the six core functions: Govern, Identify, Protect, Detect, Respond, and Recover. Each item receives a Current score (0–5) and an optional Target. Inline reference text from the CSF 2.0 publication provides context for each subcategory as you work.
The Summary tab aggregates scores into function-level maturity ratings and surfaces your highest-priority gaps. KPI cards show overall posture, total subcategories scored, gap count by threshold, and the number of high-priority items. A gap action plan groups remediation items by function and priority level.
Import previous assessment snapshots to the Trends tab and visualize maturity improvement over time. Compare function scores across assessments, see your overall trajectory, and identify where remediation efforts are — and aren't — moving the needle. Requires at least two saved snapshots.
All scoring and gap analysis is free. Pro adds the file management, reporting, and trend tracking that serious work requires.
Resume a previous assessment or load a historical snapshot. Import multiple files to populate the Trends view for comparative analysis.
Export a complete point-in-time assessment to a JSON file. Share with teammates, archive for compliance records, or reimport later to resume.
Generate a formatted Excel workbook with all scores, gaps, and function summaries — ready for stakeholder review or leadership reporting.
Produce a customizable, professionally formatted report with executive summary, function scores, and top remediation priorities. Always renders in light mode for clean printing.
Load 2+ snapshots to see maturity progression over time — line charts and delta indicators per function show exactly where the program is improving.
No account required. Open the tool and start scoring in minutes. Export a JSON snapshot when you finish to preserve your work for next time.
Risk Posture Tools