Free tool · NIST CSF 2.0

NIST CSF 2.0 self-assessment

Where does your cybersecurity program stand? This free 2-minute self-check scores your posture against the six functions of the NIST CSF 2.0 framework — Govern, Identify, Protect, Detect, Respond and Recover. Answer honestly: nothing is saved, sent, or tracked.

This self-check is provided for information only and is not professional advice.

What the self-check covers

The six NIST CSF 2.0 functions

  • Govern. Roles, risk strategy and supply-chain risk.
  • Identify. Asset inventory and risk assessment.
  • Protect. Access control and MFA, encryption and backups, awareness.
  • Detect. Continuous monitoring of anomalies and events.
  • Respond. An exercised incident-response plan.
  • Recover. A tested recovery and continuity plan.

The self-check scores out of 20 across three bands: foundational gaps, developing, and mature posture.

Want the full picture? We run a complete NIST CSF assessment, function by function, and a virtual CISO can own the roadmap. Weighing an auditable standard too? See SOC 2 vs ISO 27001 for SMBs.

Frequently asked

NIST CSF: what to know

Is NIST CSF a certification?

No. The NIST Cybersecurity Framework is a voluntary framework for organizing and improving your security program — there’s no certificate and no pass/fail. You use it to see where you stand across its functions and to prioritize improvements; it pairs well with certifiable standards like ISO 27001.

What changed in NIST CSF 2.0?

The 2024 update added a sixth function, Govern, putting cybersecurity governance and risk strategy alongside the original five — Identify, Protect, Detect, Respond and Recover. It also broadened the framework beyond critical infrastructure to organizations of any size and sector.

Who should use NIST CSF?

Any organization that wants a structured, plain-language way to assess and improve its security posture. It’s especially useful for SMBs that need a roadmap without the overhead of a formal certification, and for answering clients or insurers who ask how you manage cyber risk.

How is NIST CSF different from SOC 2 or ISO 27001?

NIST CSF is a self-directed framework for improving your program; SOC 2 is an auditor’s attestation for clients; ISO 27001 is a certifiable management-system standard. Many organizations use CSF internally to drive the work, then pursue SOC 2 or ISO 27001 when a customer requires proof.

Strengthen your program

Get a full NIST CSF assessment, function by function, with a prioritized roadmap.

Get in touch