
🎯 NIST CSF 2.0 maturity assessment

Score your cybersecurity program against the six functions of the NIST Cybersecurity Framework 2.0 — Govern, Identify, Protect, Detect, Respond and Recover. Rate each on the four Implementation Tiers (Partial → Adaptive), set a target, and get per-function tiers, an overall maturity percentage and a current-vs-target profile gap view. Exports to Word and CSV.

How to rate

For each outcome, pick the Implementation Tier that best matches where you are today: T1 Partial (ad hoc, reactive), T2 Risk-Informed (approved but inconsistent), T3 Repeatable (formal, organization-wide policy), T4 Adaptive (continuous improvement from lessons learned). Then set a target tier per function to see your gap.

⚠️ This is a self-assessment aid based on the publicly available NIST Cybersecurity Framework (CSF) 2.0 (released February 2024), which organizes cybersecurity outcomes into six Functions (Govern, Identify, Protect, Detect, Respond, Recover) and describes four Implementation Tiers (Partial, Risk-Informed, Repeatable, Adaptive). The questions here are representative samples — not the full set of 22 Categories / 106 Subcategories. It is not an official NIST product, not a certification, and not a substitute for a formal assessment by a qualified professional. All data stays in your browser; nothing is uploaded.