This assessment is based on the NIST Cybersecurity Framework (CSF). It has been modified to give a comprehensive maturity rating for an organization.
The NIST CSF is separated into 5 functions:
Identify
Protect
Detect
Respond
Recover
Each function is broken down into categories.
Instructions for use:
To use the assessment, answer each question with the level of compliance that matches the posture of your organization.
Each question consists of a main question and, often, several explanatory sub-questions. The sub-questions are for your consideration when deciding on your response.
Interpreting the answers
Each answer is categorized by its level of compliance with the controls the question embodies, from “Don't Comply” to “Completely Comply”.
Once a question is answered with the level of compliance your organization is currently achieving, the assessment gives a rating and recommendations on how to raise your compliance to the next level.