Files
Anthropic-Cybersecurity-Skills/skills/performing-nist-csf-maturity-assessment/assets/template.md
T

3.0 KiB

NIST CSF 2.0 Maturity Assessment Scorecard

Organization: ________________

Assessment Date: ________________

Assessor: ________________


Scoring Guide

Tier Name Criteria
1 Partial Ad hoc; limited awareness; no formal process
2 Risk-Informed Management-approved; inconsistent application
3 Repeatable Formal policies; consistent implementation; metrics
4 Adaptive Continuous improvement; real-time; advanced automation

Function: GOVERN (GV)

Category Current (1-4) Target (1-4) Gap Evidence Notes
GV.OC - Organizational Context
GV.RM - Risk Management Strategy
GV.RR - Roles and Responsibilities
GV.PO - Policy
GV.OV - Oversight
GV.SC - Supply Chain Risk Mgmt
Function Average

Function: IDENTIFY (ID)

Category Current (1-4) Target (1-4) Gap Evidence Notes
ID.AM - Asset Management
ID.RA - Risk Assessment
ID.IM - Improvement
Function Average

Function: PROTECT (PR)

Category Current (1-4) Target (1-4) Gap Evidence Notes
PR.AA - Identity & Access Control
PR.AT - Awareness and Training
PR.DS - Data Security
PR.PS - Platform Security
PR.IR - Infrastructure Resilience
Function Average

Function: DETECT (DE)

Category Current (1-4) Target (1-4) Gap Evidence Notes
DE.CM - Continuous Monitoring
DE.AE - Adverse Event Analysis
Function Average

Function: RESPOND (RS)

Category Current (1-4) Target (1-4) Gap Evidence Notes
RS.MA - Incident Management
RS.AN - Incident Analysis
RS.CO - Response Communication
RS.MI - Incident Mitigation
Function Average

Function: RECOVER (RC)

Category Current (1-4) Target (1-4) Gap Evidence Notes
RC.RP - Recovery Plan Execution
Function Average

Overall Summary

Function Current Avg Target Avg Gap
Govern
Identify
Protect
Detect
Respond
Recover
Overall

Top Priority Gaps

# Category Current Target Recommended Action Owner Timeline
1
2
3
4
5

Sign-off

Role Name Signature Date
CISO
CTO/CIO
Risk Officer