mirror of
https://github.com/mukul975/Anthropic-Cybersecurity-Skills.git
synced 2026-07-18 21:49:40 +03:00
3.0 KiB
3.0 KiB
NIST CSF 2.0 Maturity Assessment Scorecard
Organization: ________________
Assessment Date: ________________
Assessor: ________________
Scoring Guide
| Tier | Name | Criteria |
|---|---|---|
| 1 | Partial | Ad hoc; limited awareness; no formal process |
| 2 | Risk-Informed | Management-approved; inconsistent application |
| 3 | Repeatable | Formal policies; consistent implementation; metrics |
| 4 | Adaptive | Continuous improvement; real-time; advanced automation |
Function: GOVERN (GV)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| GV.OC - Organizational Context | |||||
| GV.RM - Risk Management Strategy | |||||
| GV.RR - Roles and Responsibilities | |||||
| GV.PO - Policy | |||||
| GV.OV - Oversight | |||||
| GV.SC - Supply Chain Risk Mgmt | |||||
| Function Average |
Function: IDENTIFY (ID)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| ID.AM - Asset Management | |||||
| ID.RA - Risk Assessment | |||||
| ID.IM - Improvement | |||||
| Function Average |
Function: PROTECT (PR)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| PR.AA - Identity & Access Control | |||||
| PR.AT - Awareness and Training | |||||
| PR.DS - Data Security | |||||
| PR.PS - Platform Security | |||||
| PR.IR - Infrastructure Resilience | |||||
| Function Average |
Function: DETECT (DE)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| DE.CM - Continuous Monitoring | |||||
| DE.AE - Adverse Event Analysis | |||||
| Function Average |
Function: RESPOND (RS)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| RS.MA - Incident Management | |||||
| RS.AN - Incident Analysis | |||||
| RS.CO - Response Communication | |||||
| RS.MI - Incident Mitigation | |||||
| Function Average |
Function: RECOVER (RC)
| Category | Current (1-4) | Target (1-4) | Gap | Evidence | Notes |
|---|---|---|---|---|---|
| RC.RP - Recovery Plan Execution | |||||
| Function Average |
Overall Summary
| Function | Current Avg | Target Avg | Gap |
|---|---|---|---|
| Govern | |||
| Identify | |||
| Protect | |||
| Detect | |||
| Respond | |||
| Recover | |||
| Overall |
Top Priority Gaps
| # | Category | Current | Target | Recommended Action | Owner | Timeline |
|---|---|---|---|---|---|---|
| 1 | ||||||
| 2 | ||||||
| 3 | ||||||
| 4 | ||||||
| 5 |
Sign-off
| Role | Name | Signature | Date |
|---|---|---|---|
| CISO | |||
| CTO/CIO | |||
| Risk Officer |